njrat | tmp[.]001[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmp.001.exe
Size

65KB
MD5

ef86eb422095a067550590f3ce40583d
SHA1

5889066ac30ed272d52113c69dea0e65d42898c0
SHA256

0f270ccc7597650de906903487f2d69db834e84997a28e93115564cdf789d967
SHA512

2cda11adef5c989c5192e24ebad1af27493e9b71daecb52599e2e57dcf707f6e9e7a11455f848711ccb6a0a2ce1eae44701df733730570d8f1aa9cee39a52414
SSDEEP

1536:rsN8sAoN36tyQviFw1Iv/nyBnvbsfLteF3nLrB9z3nNaF9bES9vMk:rsN8roN36tyQviFCU/yBnAfWl9zdaF9f

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Version

Platinum

Botnet

HacKed

C2

127.0.0.1:54077

Mutex

audiodg.exe

Attributes

reg_key
audiodg.exe
splitter
|Ghost|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tmp.001.exe

Files

tmp.001.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ