njrat | 333ef8b5d7f648a3d3cbf8866e6f10352d99d79f5d40e70badd973cfec08b2ce[.]zip

General

Target

333ef8b5d7f648a3d3cbf8866e6f10352d99d79f5d40e70badd973cfec08b2ce.zip
Size

20KB
MD5

df42450c8b83573207a5fbb800f57e06
SHA1

d28ade74fe2c76e32389f101dc6a768a261b04b7
SHA256

333ef8b5d7f648a3d3cbf8866e6f10352d99d79f5d40e70badd973cfec08b2ce
SHA512

4806a4c83c94db4172872b8b242baf28848cf52b4932146ca9c614f1ef161a35af50db109191107eaa746f05f5a07fe9ec21a22244fb72e280cd421c117bb91c
SSDEEP

384:DQKoJT2ahAMFUO3kZPVBHZaqNRMefPjZc78YyONBGAK8We:DQTV2ahYOUZVB5WUjZvYyyBXx

Score

10^/10

njrat

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
static1/unpack001/91861078428f6a75b48234afabc50176c5fa013949cd6f5910ed619ba0f6c103.dll	disable_win_def

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/91861078428f6a75b48234afabc50176c5fa013949cd6f5910ed619ba0f6c103.dll

333ef8b5d7f648a3d3cbf8866e6f10352d99d79f5d40e70badd973cfec08b2ce.zip
.zip

Password: infected
91861078428f6a75b48234afabc50176c5fa013949cd6f5910ed619ba0f6c103.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\FC\Desktop\SRC - S400 RAT v 1.0 by FC\ClientLibrary\ClientLibrary\obj\Debug\ClientLibrary.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ