njrat | 1b849b3a778551cfdd0042b9a27f039e[.]exe | Triage

Submit
Reports

Overview

overview

Static

static

1b849b3a77...9e.exe

windows7-x64

1b849b3a77...9e.exe

windows10-2004-x64

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1b849b3a778551cfdd0042b9a27f039e.exe

Resource

win7-20221111-en

njrat hacked evasion persistence trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

1b849b3a778551cfdd0042b9a27f039e.exe

Resource

win10v2004-20220812-en

njrat hacked evasion persistence trojan

windows10-2004-x64

13 signatures

150 seconds

General

Target

1b849b3a778551cfdd0042b9a27f039e.exe
Size

37KB
MD5

1b849b3a778551cfdd0042b9a27f039e
SHA1

471b91ad96096027dbb1664f64445ea55ad0f1fd
SHA256

51eb5d29457ac2444527e05ab3be1f1dfddb47c03a91a5e91dd7b8d841c9b127
SHA512

08b0849bc320bb45e7db98cfed794d3fb37c8ab2dea88f9644e46556662015beddc900a6a575daa91ef3e05b5c3f100e50816efde5ea39fe5a5ad68340ea8440
SSDEEP

384:AuHsiDrT95hL5YyUvRD/zOo46A1zrAF+rMRTyN/0L+EcoinblneHQM3epzXONCnY:5nv5zUvRDLlA5rM+rMRa8NusNt

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

8.tcp.ngrok.io:12836

Mutex

d4bd8882adf1d923d85041b354f9117b

Attributes

reg_key
d4bd8882adf1d923d85041b354f9117b
splitter
|'|'|

Signatures

Njrat family
njrat

Files

1b849b3a778551cfdd0042b9a27f039e.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy