njrat | 0x0008000000012699-64[.]dat | Triage

Submit
Reports

Overview

overview

Static

static

0x00080000...64.exe

windows7_x64

0x00080000...64.exe

windows10-2004_x64

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

0x0008000000012699-64.exe

Resource

win7-20220414-en

njrat hacked evasion persistence suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0x0008000000012699-64.exe

Resource

win10v2004-20220414-en

njrat hacked evasion persistence suricata trojan

windows10-2004_x64

0 signatures

0 seconds

General

Target

0x0008000000012699-64.dat
Size

37KB
MD5

333baef68bf06e2bff8c785f9120559d
SHA1

b605cc35ec178240b1150a81d73e58d1d9417bac
SHA256

4d62a9ab6abeeafd08fc299581c0910c36ccf64178c16fc06b4a57a48858e1d4
SHA512

0ba29d931b3166c4d334cd45f02cc053efbe2f1db3dc844a43e8f9b12a6efea3d73d45d49ab048fdd7b21495b8bbe1929b560ead99890d88f02b99fda186c1cc
SSDEEP

384:pcySKMizdjjnBhFbJ8ycPfpXxtwqKVZrAF+rMRTyN/0L+EcoinblneHQM3epzXby:yySgjlLJfcPfpP9K7rM+rMRa8NuFmt

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

51.89.91.139:5050

Mutex

5db0afc818875fbd9be3e842f2d3f24b

Attributes

reg_key
5db0afc818875fbd9be3e842f2d3f24b
splitter
|'|'|

Signatures

Njrat family
njrat

Files

0x0008000000012699-64.dat
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy