njrat | a49892c7bd79b4335b59f8ec8f544459[.]exe | Triage

Submit
Reports

Overview

overview

Static

static

a49892c7bd...59.exe

windows7-x64

8

a49892c7bd...59.exe

windows10-2004-x64

8

Sharing

Static task

static1

isthg_installer njrat

1 signatures

Behavioral task

behavioral1

Sample

a49892c7bd79b4335b59f8ec8f544459.exe

Resource

win7-20220901-en

evasion persistence

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

a49892c7bd79b4335b59f8ec8f544459.exe

Resource

win10v2004-20220812-en

evasion persistence

windows10-2004-x64

5 signatures

150 seconds

General

Target

a49892c7bd79b4335b59f8ec8f544459.exe
Size

37KB
MD5

a49892c7bd79b4335b59f8ec8f544459
SHA1

869629c3bb42f333b592f5916f4abcef49c37bf8
SHA256

66a6f7a8b2694d0a48a54fad25498087f8ad9cf3095658f3bf3cc0119387e516
SHA512

8d308b4420d0387a8703c1365f5069b8820b2d4347044522c0c3933b358f821e88442ecfc3e6477d38720b74983534c8b34b94086a8c5e2c7b6c838bccd8c912
SSDEEP

384:REi1jCiMf3jBVbJsy8PR0bAoxfHvnQacpWrAF+rMRTyN/0L+EcoinblneHQM3epj:uFbJP8PR4ACHFc0rM+rMRa8NuUyt

Score

10^/10

isthg_installer njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

ISTHG_installer

C2

4.tcp.eu.ngrok.io:17514

Mutex

caf7b51723a21e7326ee5dadaba9f966

Attributes

reg_key
caf7b51723a21e7326ee5dadaba9f966
splitter
|'|'|

Signatures

Njrat family
njrat

Files

a49892c7bd79b4335b59f8ec8f544459.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy