njrat | tes2t[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

tes2t.exe
Size

103KB
MD5

687f3a96aca59c2749542ae85f2ab264
SHA1

f3f862574df36c956a3e125af4a447bfe48ce3e5
SHA256

8f8440b46a34b4c2cb1f4e4bb47e44ff638e081a64e6a3ef0ec513841406f16b
SHA512

f62c9cb7f24bc6db551c1f3ebf25a2fccbfbf60c7ed8c403504e164bdb3cdbbcff057125cdd29c075ad5d117b74dc5889a7e32286145fa7c31b0a5cfe9efdf6c
SSDEEP

3072:gcDn7MBJDCwsNMDwXExI3pm0GZpftMLBzP9yZs15l:gcnacvMa4KLBzPwZG

Score

10^/10

client njrat

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

Client

oxy01.duckdns.org:6522

Mutex

aff7a111f7a5dc993e55ad4fd0ae0722

Attributes

reg_key
aff7a111f7a5dc993e55ad4fd0ae0722
splitter
Y262SUCZ4UJJ

Signatures

Njrat family
njrat

Files

tes2t.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/05/2022, 19:23

Not After

04/05/2023, 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/05/2022, 19:23

Not After

04/05/2023, 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

28:cc:3a:25:bf:ba:44:ac:44:9a:9b:58:6b:43:39:aa
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/06/2010, 21:57

Not After

23/06/2035, 22:04

Subject

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

58:12:c0:e8:2b:45:d4:69:6c:b9:5f:6f:38:c1:15:6e:60:e9:85:cb:1e:2c:66:c0:cb:30:f0:85:c1:dc:bb:5b
Signer

Actual PE Digest

58:12:c0:e8:2b:45:d4:69:6c:b9:5f:6f:38:c1:15:6e:60:e9:85:cb:1e:2c:66:c0:cb:30:f0:85:c1:dc:bb:5b

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

23/03/2023, 16:06
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8dCertificate

Extended Key Usages

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8dCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

28:cc:3a:25:bf:ba:44:ac:44:9a:9b:58:6b:43:39:aaCertificate

Key Usages

58:12:c0:e8:2b:45:d4:69:6c:b9:5f:6f:38:c1:15:6e:60:e9:85:cb:1e:2c:66:c0:cb:30:f0:85:c1:dc:bb:5bSigner

Signature Validations

Verification

23/03/2023, 16:06 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 53KB - Virtual size: 52KB

.rsrc Size: 1024B - Virtual size: 576B

.reloc Size: 512B - Virtual size: 12B

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

28:cc:3a:25:bf:ba:44:ac:44:9a:9b:58:6b:43:39:aa
Certificate

58:12:c0:e8:2b:45:d4:69:6c:b9:5f:6f:38:c1:15:6e:60:e9:85:cb:1e:2c:66:c0:cb:30:f0:85:c1:dc:bb:5b
Signer

23/03/2023, 16:06
Valid: false

.text
Size: 53KB - Virtual size: 52KB

.rsrc
Size: 1024B - Virtual size: 576B

.reloc
Size: 512B - Virtual size: 12B