NullRAT-source[.]zip

Resubmissions

12-10-2024 05:27

241012-f5h4kazgll 8

Sharing

Copy URL

Twitter E-mail

General

Target

NullRAT-source.zip
Size

546KB
MD5

159cb845b37f6935d4f9f23f2b7cf753
SHA1

70363a2e76f34d06f100f2fe110986e59ff59cc8
SHA256

52084aedb0e8da9ccb921e1f3430cad80c7ef56217dffbeec9caee0a9ff85e14
SHA512

1b00b4683c846f43c94c8d72fa6ed0563cbf8d032f51045b574facefb6e8ddb3ea103a66e2848fc266e74842d24b9c55b66dfb6401bfd818d3adf686e488de15
SSDEEP

12288:ntlemY9q6RD8cvKRBhSXYLZIrY1GvryVVDMTzmWWY9ps5Jm:tX6aBLwDy7YT6pY9p6m

Score

8^/10

upx

Malware Config

Signatures

Patched UPX-packed file 1 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
static1/unpack002/out.upx	patched_upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/NullRAT-source/NullRAT/upx/upx.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/NullRAT-source/NullRAT/upx/upx.exe
unpack002/out.upx

Files

NullRAT-source.zip
.zip
NullRAT-source/.gitignore
NullRAT-source/Getting Variables.md
NullRAT-source/NullRAT/RAT.py
NullRAT-source/NullRAT/custom_icon.ico
NullRAT-source/NullRAT/modules/ChangePass.py
NullRAT-source/NullRAT/modules/checkedtokens.py
NullRAT-source/NullRAT/modules/clipboard.py
NullRAT-source/NullRAT/modules/create_new_module.py
NullRAT-source/NullRAT/modules/directory.py
NullRAT-source/NullRAT/modules/geolocate.py
NullRAT-source/NullRAT/modules/getenv.py
NullRAT-source/NullRAT/modules/hideFile.py
NullRAT-source/NullRAT/modules/rawtokens.py
NullRAT-source/NullRAT/modules/receivefiles.py
NullRAT-source/NullRAT/modules/runfile.py
NullRAT-source/NullRAT/modules/screenshot.py
NullRAT-source/NullRAT/modules/sendfiles.py
NullRAT-source/NullRAT/modules/shell.py
NullRAT-source/NullRAT/modules/startup.py
NullRAT-source/NullRAT/modules/systeminfo.py
NullRAT-source/NullRAT/modules/tasklist.py
NullRAT-source/NullRAT/modules/unhideFile.py
NullRAT-source/NullRAT/modules/webcam.py
NullRAT-source/NullRAT/modules/wifiList.py
NullRAT-source/NullRAT/modules/wifiPass.py
NullRAT-source/NullRAT/upx/upx.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 515KB - Virtual size: 516KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 1016KB - Virtual size: 1016KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
NullRAT-source/README.md
NullRAT-source/VERSION
NullRAT-source/compiler.nim
.js

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.7MB

UPX1 Size: 515KB - Virtual size: 516KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 1016KB - Virtual size: 1016KB

.data Size: 2KB - Virtual size: 2KB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.bss Size: - Virtual size: 12KB

.idata Size: 4KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 56B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 1KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 1.7MB

UPX1
Size: 515KB - Virtual size: 516KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 1016KB - Virtual size: 1016KB

.data
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.bss
Size: - Virtual size: 12KB

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 1KB - Virtual size: 1KB