njrat | 8533ef6f79e259e9e5fe7c28f1fcd372[.]exe | Triage

Submit
Reports

Overview

overview

Static

static

8533ef6f79...72.exe

windows7-x64

8533ef6f79...72.exe

windows10-2004-x64

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8533ef6f79e259e9e5fe7c28f1fcd372.exe

Resource

win7-20221111-en

njrat hacked evasion persistence trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

8533ef6f79e259e9e5fe7c28f1fcd372.exe

Resource

win10v2004-20220901-en

njrat hacked evasion persistence trojan

windows10-2004-x64

9 signatures

150 seconds

General

Target

8533ef6f79e259e9e5fe7c28f1fcd372.exe
Size

227KB
MD5

8533ef6f79e259e9e5fe7c28f1fcd372
SHA1

48c1f9b2a798a374b6e8c2e5fb655c19e5fa2ed3
SHA256

bbc8cabc1ba4f81d1ee316d3869ed8e61c91840cb533abee708a3099ab196470
SHA512

533facb9e64028915336f7a7035e726409279309b05d2cf1e6def878513a85f49a9119f09e53bcc8371ff5bc8f91474b67934773e3c6a7ad12c3778ffa3f2697
SSDEEP

3072:HSuZ00DVrF1rVcCPP+Tl6Ws5cUYTMExjHSTdMTfNlx35eRPG+79IwGrpc:J/2TAcZyOjNlri7Ww

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

h43vipforyou.ddns.net:1177

Mutex

869b16e2825dce24066aba38ee1a9add

Attributes

reg_key
869b16e2825dce24066aba38ee1a9add
splitter
|'|'|

Signatures

Njrat family
njrat

Files

8533ef6f79e259e9e5fe7c28f1fcd372.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy