njrat | ba992f195c2a1517afe0bddd513459e5[.]zip | Triage

Sharing

General

Target

ba992f195c2a1517afe0bddd513459e5.zip
Size

14KB
MD5

0eeb5e0ebdc755ffdf4a982637254920
SHA1

841bf32a144d88646ca24bf4af62c09894d27db0
SHA256

0758e53d6b07251f297cc0bec963439af0e26e46e8878660514eb3befdc89b1d
SHA512

4d098cb447cde0771ebd26698f41e7b6101d00e0b8500dbd0f227cb091c36f29420faecdba2565b33b99f5eb7302daaed90c42eb15d42d8cba68a5ff39496389
SSDEEP

384:pHAUB8+KSJu+JXf6IG1Kbg3ZV3c5/0NZJapPcknV:pNZX+1KbEVFaKknV

Score

10^/10

njrat

Malware Config

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/5a37df41c699de4db40cce4ccb3bd9388a1cfb9691b803572effd6bf01a42514

Files

ba992f195c2a1517afe0bddd513459e5.zip
.zip

Password: infected
5a37df41c699de4db40cce4ccb3bd9388a1cfb9691b803572effd6bf01a42514
.exe windows:4 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Administrator\Desktop\ADD\ADD\obj\Debug\ADD.pdb

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ