discordrat | for virutotal ni[.]zip

General

Target

for virutotal ni.zip
Size

45KB
MD5

1a2368d23f8d860cdfc3ba6bb18536fa
SHA1

cda69dd2f3e6ef00adf3dceb7f403c95030376a7
SHA256

37882f4164207e92923b63e30c96fa762833603f0967f65102be70b605c631f3
SHA512

c030a4c906ed7bb9ae40c0b12f1c000225986fcd79b68f3c4a51eddc9b16614e37dc055ccd113ab598ebd0c37069eba81d52a74d1a40b01dfdf7a02a54fc1499
SSDEEP

768:8g/qN7Df5msVdlrz4XqaKScBdmFITsH9y4FtYs74yRybclk1gz/b75yB4PGyEvkB:rqh5tVvrk6icBd6EsdyjskGrlggv9yBY

Score

10^/10

farted discordrat njrat

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI5OTA1NDUwMzg1Mjc3MzQ3OQ.Gam-5g.mMYt_UiACKf3lceb5vBDHE9GHZi685c16_84bo
server_id
1299046739898011668

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

farted

C2

127.0.0.1:5552

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Signatures

Discordrat family
discordrat
Njrat family
njrat

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/for virutotal ni/Client-built.exe
unpack001/for virutotal ni/free robux.exe

Files

for virutotal ni.zip
.zip
for virutotal ni/Client-built.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
for virutotal ni/free robux.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 76KB - Virtual size: 76KB

.rsrc Size: 1KB - Virtual size: 1KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 41KB - Virtual size: 40KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 512B - Virtual size: 12B

.text
Size: 76KB - Virtual size: 76KB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 41KB - Virtual size: 40KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 512B - Virtual size: 12B