njrat | 1da2f65a4c1f57b90fa065ee82287e5b[.]exe | Triage

Submit
Reports

Overview

overview

Static

static

1da2f65a4c...5b.exe

windows7-x64

1da2f65a4c...5b.exe

windows10-2004-x64

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1da2f65a4c1f57b90fa065ee82287e5b.exe

Resource

win7-20220812-en

njrat hacked evasion persistence trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

1da2f65a4c1f57b90fa065ee82287e5b.exe

Resource

win10v2004-20221111-en

njrat hacked evasion persistence trojan

windows10-2004-x64

12 signatures

150 seconds

General

Target

1da2f65a4c1f57b90fa065ee82287e5b.exe
Size

3.5MB
MD5

1da2f65a4c1f57b90fa065ee82287e5b
SHA1

18a9fe1baa48490cc36500f0a2cb55da28dc5377
SHA256

e78920978425db126e160c542a0d61172f5805efb238b50e964d523baba1ef14
SHA512

8345643fdcbe74cf90237c7e860ce584d0246c8ddb3a3be726c9ad855db5157ad588ce25d00655ce093a1703d2f1c9067c5344d3543a7cb28459626825a4fe5e
SSDEEP

49152:U/Sok+OKQUADbH8wYpT2IQ5nKIrKwpt0dmCnlg3VdStsQ:Uy7U25XIkVFclg3VdS/

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

Hacked

C2

2.tcp.eu.ngrok.io:15410

Mutex

02d0575227ba92022bafdbb39fbaddf2

Attributes

reg_key
02d0575227ba92022bafdbb39fbaddf2
splitter
|'|'|

Signatures

Njrat family
njrat

Files

1da2f65a4c1f57b90fa065ee82287e5b.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.random
Size: 912KB - Virtual size: 912KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy