njrat | 1852-55-0x0000000001D50000-0x0000000001D68000-memory[.]dmp | Triage

Submit
Reports

Overview

overview

Static

static

1852-55-0x...ry.exe

windows7-x64

1852-55-0x...ry.exe

windows10-2004-x64

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1852-55-0x0000000001D50000-0x0000000001D68000-memory.exe

Resource

win7-20221111-en

njrat martina evasion persistence trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

1852-55-0x0000000001D50000-0x0000000001D68000-memory.exe

Resource

win10v2004-20220812-en

njrat martina evasion persistence trojan

windows10-2004-x64

9 signatures

150 seconds

General

Target

1852-55-0x0000000001D50000-0x0000000001D68000-memory.dmp
Size

96KB
MD5

7422e9dd48d04ea2b1a81f1ff52c21a0
SHA1

1d17433d0d21b4cec583fdfbf961006a7a4f3992
SHA256

e77a5ec54a40db742eed271bd444bb436274439aacffbd366ef7bce0e2952baf
SHA512

50b9d856da3fd0659ceb8357d7ee7c9fc3db6879504a892f55d72a9a04704d93bcbc67da102c11bcd11fd5bf76d9a603950e21d001deb00a59e138b6969fdbf7
SSDEEP

768:cCqb9glF51LRpcnuIOSp4l864t5wQZSNCDiI9/Cg4UP+NiE27k8Z:29glpLRWuI34lkwQZSNCWeSUP+No

Score

10^/10

martina njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MARTINA

C2

seznam.zapto.org:1177

Mutex

dfa26898bd7eff53ca56739e7591f510

Attributes

reg_key
dfa26898bd7eff53ca56739e7591f510
splitter
|'|'|

Signatures

Njrat family
njrat

Files

1852-55-0x0000000001D50000-0x0000000001D68000-memory.dmp
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy