njrat | bEiR[.]exe | Triage

Submit
Reports

Overview

overview

Static

static

bEiR.exe

windows7-x64

8

bEiR.exe

windows10-2004-x64

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bEiR.exe

Resource

win7-20220812-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

bEiR.exe

Resource

win10v2004-20220812-en

njrat evasion trojan

windows10-2004-x64

4 signatures

150 seconds

General

Target

bEiR.exe
Size

23KB
MD5

b4355ec0815354965333f61ef03df0b4
SHA1

a7ec0778d34b932de187d90c92e3af10b31088a2
SHA256

b5a11b8a198e261609192e65ad1ef746cd2a87b1b94d99d6fb562c2437471303
SHA512

6e43e7a33fb0e16999d48938fbc229cfc7367570f391a876be0df07df16f1038e118c59b7b68a767fb8bf9086dd1d620dca58e0b23e221842909f671ac047c99
SSDEEP

384:NweXCQIreJig/8Z7SS1fEBpng6tgL2IBPZVmRvR6JZlbw8hqIusZzZTu:yLq411eRpcnu1

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

windowsii.duckdns.org:5552

Mutex

85faf5c90182f6391d389f3f4afec300

Attributes

reg_key
85faf5c90182f6391d389f3f4afec300
splitter
|'|'|

Signatures

Njrat family
njrat

Files

bEiR.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy