njrat | Payload[.]exe | Triage

Sharing

General

Target

Payload.exe
Size

27KB
MD5

8ab054d88fcdce1bc76e2ae57464a09b
SHA1

9995afbba5a6b346fcfd66eee2f335130a1311c0
SHA256

7e0116704c18518cb8f6a60fb00aa9440e61c079701bf816b52c155c748eda48
SHA512

5944fb371c6d70b97c9325a057e1b741f00db8dfbf43f3366c1cdf13c7f9fd8acda67f77e329394444f8fe4d6a45eae55bb77084d869eba8c33940cd3cf591ce
SSDEEP

384:qLLQKJ3buZjmgERA40DwoyumGPiJRjMFAQk93vmhm7UMKmIEecKdbXTzm9bVhcag:0MK5buQE40fLFA/vMHTi9bD

Score

10^/10

victim njrat

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

Victim

C2

147.185.221.181:51752

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Payload.exe

Files

Payload.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ