njrat | njRAT[.]zip | Triage

Sharing

General

Target

njRAT.zip
Size

349KB
MD5

8d6d88365875dde55078c005fc496370
SHA1

649d93d699164a5f4f1b8c5ee7088c67ca521af7
SHA256

00db602f19cde43d3f953560af9e3a94f76361b6c1274f8cd361c09fb56d93f8
SHA512

3f1e9cbb4ea938b3dd514b49af51dcf3827756fb679619171018c1fe562669602eb8f31b7d3ca1f1bbd58f1a900b55afdaf724d819172747a16eefe19516003b
SSDEEP

6144:YeAmDxawiyxe6x0esoo9/v6rF/U65Co/f3/neqBf4gkU5F6W6sGdfXM6m:YeAmownE66es7Yp/h/f3feqBkESO

Score

10^/10

njrat

Malware Config

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/njRAT.exe

Files

njRAT.zip
.zip

Password: infected
njRAT.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\algha_000\AppData\Local\Temporary Projects\EnKSaR.HaCKeR\obj\x86\Release\EnKSaR.HaCKeR.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 937KB - Virtual size: 936KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ