njrat | 0242b77912d11030997cbf549f41a61c[.]exe | Triage

Submit
Reports

Overview

overview

Static

static

0242b77912...1c.exe

windows7-x64

0242b77912...1c.exe

windows10-2004-x64

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0242b77912d11030997cbf549f41a61c.exe

Resource

win7-20220901-en

njrat dibil evasion persistence trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

0242b77912d11030997cbf549f41a61c.exe

Resource

win10v2004-20220812-en

njrat dibil evasion persistence trojan

windows10-2004-x64

12 signatures

150 seconds

General

Target

0242b77912d11030997cbf549f41a61c.exe
Size

37KB
MD5

0242b77912d11030997cbf549f41a61c
SHA1

d0fabf4bf6adff8f2ae3f827bf0a815fe00513cf
SHA256

d143d732effee86f0bc7a3862cfbc20b3ff1f0759aa997b7a8a3e5568fdd4337
SHA512

52d1b86eb23d6bca79c2752a3a5d43ac5617495a8b0a9d387492e8eef9a56067913ddb79b6dab7228bde473cdca9713d69d642f6b04eac52bbb6cd15e23c706c
SSDEEP

384:oalQmY98iM6caSGAZ0ytfBPGHlegiuIWnrAF+rMRTyN/0L+EcoinblneHQM3epzS:9QmGp2Z3tfBPGk9udrM+rMRa8NuW/t

Score

10^/10

dibil njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

Dibil

C2

7.tcp.eu.ngrok.io:18097

Mutex

7bb786d3a71613dbb1f2bee12d98405a

Attributes

reg_key
7bb786d3a71613dbb1f2bee12d98405a
splitter
|'|'|

Signatures

Njrat family
njrat

Files

0242b77912d11030997cbf549f41a61c.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy