njrat | a6788b416256f073b1eded7e517b9efc[.]exe | Triage

Submit
Reports

Overview

overview

Static

static

a6788b4162...fc.exe

windows7-x64

a6788b4162...fc.exe

windows10-2004-x64

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a6788b416256f073b1eded7e517b9efc.exe

Resource

win7-20220901-en

njrat hafff evasion persistence trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

a6788b416256f073b1eded7e517b9efc.exe

Resource

win10v2004-20221111-en

njrat hafff evasion persistence trojan

windows10-2004-x64

9 signatures

150 seconds

General

Target

a6788b416256f073b1eded7e517b9efc.exe
Size

37KB
MD5

a6788b416256f073b1eded7e517b9efc
SHA1

748b30e16ad551fee8029f1070ab7c2c45c0bb15
SHA256

514cde391d2cc75f6828eba57df708470e15000b3912cc280e6f2e0f70d911b6
SHA512

3608c99f68605a1008e83dcf58cc6d48552889b804da21b0156848e2999d92294d6fdf84e3f0a2196e69ce56013bcbf02473a1d00fd37928e52cd3c9115891ce
SSDEEP

384:qLTJ9kitkZf5W9cTYXyc/jZMM6zffknvU5IrAF+rMRTyN/0L+EcoinblneHQM3e5:CJqjjTYic/jW0vU2rM+rMRa8Nuvjt

Score

10^/10

hafff njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

Hafff

C2

7.tcp.eu.ngrok.io:11226

Mutex

57db514cab5ed7b35a311ee80c5f73e1

Attributes

reg_key
57db514cab5ed7b35a311ee80c5f73e1
splitter
|'|'|

Signatures

Njrat family
njrat

Files

a6788b416256f073b1eded7e517b9efc.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy