njrat | 2cffc41b15b6a7796cbd3a16bf127323[.]bin | Triage

Sharing

General

Target

2cffc41b15b6a7796cbd3a16bf127323.bin
Size

29KB
MD5

11fcaf739897ee4ffd359149fab4a17f
SHA1

6cb3319464dabe276015b69c60640f78cb3fda1d
SHA256

d8b677d34bcd86962054ad071ec4620bce4fb50ff93ada1be5ab212658002690
SHA512

200266feb533e3f31a79f24f444976dd9055a8afd8017b3b814b2d560d052486d6465aa29aef5a1fd50c35199ddb7bcae237a68b869171c9d69e4e52c43b837a
SSDEEP

768:BsXho28nuqaBkP5q4t5iBHvS4UsgRSx5Yb4rfzUd:2t8u3Bm8noUfYMrfzg

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

7.tcp.eu.ngrok.io:14936

Mutex

ddfa0f7edcf1190a4c394097f851c263

Attributes

reg_key
ddfa0f7edcf1190a4c394097f851c263
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/8ef09a0498e51e4696d77b493deb20b33f8b17ebb02e19586aae97cd458cf5bd.exe

Files

2cffc41b15b6a7796cbd3a16bf127323.bin
.zip

Password: infected
8ef09a0498e51e4696d77b493deb20b33f8b17ebb02e19586aae97cd458cf5bd.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ