njrat | 1dfe93c432a71787bec625e9f37aea5c[.]bin | Triage

Sharing

General

Target

1dfe93c432a71787bec625e9f37aea5c.bin
Size

16KB
MD5

b8b7d5901e3d154cf29c3c15cc7b0c55
SHA1

4ec5cf661414d7648a1f01be8e205599fb231788
SHA256

27bcc83e55ca83e33a375fe0a8ab8a11a2c270bc2fb3d25db8a1bae913dd2ce0
SHA512

1a7f80d1b761a6cffe8dffefd13f4a319bba37230984f6a081dca0bbb98e22f3bd61420d232dd0c56eb13b901d4e38af244e36b5dfebf2e105b513766809386a
SSDEEP

384:UjK5ScHNLpyOAuFxx9VMF/ot5yKNvYDwfKyz96v2zfpFX:UG5ZNAUf9GyhQUKym2nX

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

0.tcp.eu.ngrok.io:16261

Mutex

0dfab35b0ccfd955e7d94fa1f5dce520

Attributes

reg_key
0dfab35b0ccfd955e7d94fa1f5dce520
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a01ef3fdd7c3df2e845dca28c37e9244cb1823c655da892ff5d5dacb9db70afd.exe

Files

1dfe93c432a71787bec625e9f37aea5c.bin
.zip

Password: infected
a01ef3fdd7c3df2e845dca28c37e9244cb1823c655da892ff5d5dacb9db70afd.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ