njrat | b94ea2a4ba60943be5abe2b11ede9442[.]exe | Triage

Submit
Reports

Overview

overview

Static

static

b94ea2a4ba...42.exe

windows7-x64

b94ea2a4ba...42.exe

windows10-2004-x64

Sharing

Static task

static1

hacked 3losh njrat

1 signatures

Behavioral task

behavioral1

Sample

b94ea2a4ba60943be5abe2b11ede9442.exe

Resource

win7-20221111-en

njrat hacked 3losh evasion persistence trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

b94ea2a4ba60943be5abe2b11ede9442.exe

Resource

win10v2004-20220812-en

njrat hacked 3losh evasion persistence trojan

windows10-2004-x64

9 signatures

150 seconds

General

Target

b94ea2a4ba60943be5abe2b11ede9442.exe
Size

37KB
MD5

b94ea2a4ba60943be5abe2b11ede9442
SHA1

603fd44a999e270e36463b7a3cf82f30b3b3e10c
SHA256

8518b318def7cabe060d8639c6dc11076325e164a4faee7306f274a8abe1aa59
SHA512

9e03655c1fceabbcd9bd72cf44e377eb338e7b86fa942ddd3c27d91ba10c46141620eef87c402eaaf40b63df4d0370e14b1e761ac1edbbcbcbb078d36c6b95e8
SSDEEP

384:8SxcaCis//WRdL5kyc/p0P3XngacpMprAF+rMRTyN/0L+EcoinblneHQM3epzXWt:9xcUD5nc/p0f1c8rM+rMRa8Nu4nt

Score

10^/10

hacked 3losh njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed 3losh

C2

0.tcp.in.ngrok.io:18640

Mutex

b96c10ee24d9b0b6dd6b3d186c6a1b2b

Attributes

reg_key
b96c10ee24d9b0b6dd6b3d186c6a1b2b
splitter
|'|'|

Signatures

Njrat family
njrat

Files

b94ea2a4ba60943be5abe2b11ede9442.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy