Static task: static1
Behavioral task: behavioral1
Sample: ServerNjrat2023.exe
Resource: win10v2004-20230220-en
General
Target: ServerNjrat2023.exe
Size: 719KB
MD5: 7f5bb5f149e13e1e38dfbd92d2f1d047
SHA1: fa3f880ac6f69e51db4eb6bc5ffe26a9d9fbefa4
SHA256: b9140e271d47ba7449a6c4b90992bfd1a5e8aa4df7fba44984cf3c6f6455db32
SHA512: f18cd55f2006fc4bf5712a0e8d2cdd57ecef14174107f30d51d73ca9c652826cb2e0d588286f95d9d3c1ae29a3a52d2f6d327ad8cbd846d131df3d8579c26fa9
SSDEEP: 12288:ddiZWstXCZHhjEBCpTUgT/+VZCAinfyrsRC:dsOYB9IRC
Malware Config
Signatures
Beds Protector Packer 1 IoCs
Detects Beds Protector packer used to load .NET malware.
resource yara_rule sample beds_protector
Files
ServerNjrat2023.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
Tzq*: Size: 163KB - Virtual size: 162KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 553KB - Virtual size: 553KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ