njrat | 01d7dcfc0d43e1a63160c2a2b[.]exe | Triage

Sharing

General

Target

01d7dcfc0d43e1a63160c2a2b.exe
Size

30KB
MD5

01d7dcfc0d43e1a63160c2a2be09ac3b
SHA1

b153f050ed9297fe236e5112ce3b4a334b18b135
SHA256

ac458cf6d935c1fe276458fa4ed577c356a81662fc0978ed9708abd863b519c7
SHA512

cc49ba199dd2c9dce7746f46f5f9bae0bf0793b955b851d5d38afcc40708e94a18000776254207f1b6c5d1d98b1154dfd345becf037417b7351dec25b9d5dd59
SSDEEP

768:rSHMXrwpJbb2zxxO5Seqf3isfvUuQmIDUu0tirXj:rlkK9is7QVkaj

Score

10^/10

bot njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Bot

C2

77.241.20.215:55915

Mutex

89a73e3948b3f7c938f6b700b2914080

Attributes

reg_key
89a73e3948b3f7c938f6b700b2914080
splitter
Y262SUCZ4UJJ

Signatures

Njrat family
njrat
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

01d7dcfc0d43e1a63160c2a2b.exe

Files

01d7dcfc0d43e1a63160c2a2b.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ