njrat | RAT-BAT[.]zip | Triage

Sharing

General

Target

RAT-BAT.zip
Size

11KB
MD5

9ada8491532eb69e8b208cf4d30e5097
SHA1

669b7fad18b9d58532f35be8530e0b60f4996f99
SHA256

f6f3a159a14c0fc47c26d3a42f42dd8aaf0ab2a06a0cc9a1987e64cc14ec68af
SHA512

25ea6d3b05c834ab1e13f6ed701c8ca2f9019473d7c064710136224867e1135ddf7e39f281f45a4d5781c2d94846c5b563e386078f399c556f7ebb9d084e4069
SSDEEP

192:Du/looD+YyDq9l1BC/iQd562Gh//728zf8ese/8mq5oMOpTJw2S0jvxvZDXFOqJh:ydooqFdn5Ep71TNse/PbMOpi2LJvLOqr

Score

10^/10

dedogegod njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

DeDogeGod

C2

piratebutt.ddns.net:5553

Mutex

718d42b8354776a9d2a7c9645eb796f6

Attributes

reg_key
718d42b8354776a9d2a7c9645eb796f6
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/RAT-BAT/$pro$/Driver.exe

Files

RAT-BAT.zip
.zip

Password: ratbatep1
RAT-BAT/$pro$/Driver.exe
.exe windows:4 windows x86 arch:x86

Password: ratbatep1

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RAT-BAT/installer.txt