njrat | 1cf29dc99e1bd358eb6a6a51bd99c842[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1cf29dc99e1bd358eb6a6a51bd99c842.exe
Size

31KB
MD5

1cf29dc99e1bd358eb6a6a51bd99c842
SHA1

d84403c190f1cfe20d22906a1b821a0340da170b
SHA256

f7b1f59d4c4e68848083a7d5310653e6a77505f01182284df5c2205c9ed32af0
SHA512

dbeb8502a7a90bc6eefbc0b6bed3e878f233a6f631aea579b91af5113a4805fc88b4b648b56829b6a8d8f5065f20ca34da030192cb551c2842c447f0db421e0e
SSDEEP

768:R95CBKdTtrUzxf6vJA2nO39vYSQmIDUu0tiAuj:kaorpPQVkaj

Score

10^/10

задача njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

задача

C2

2.tcp.eu.ngrok.io:11920

Mutex

4bbf6a18724c0ec4d9219a835522a11d

Attributes

reg_key
4bbf6a18724c0ec4d9219a835522a11d
splitter
Y262SUCZ4UJJ

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1cf29dc99e1bd358eb6a6a51bd99c842.exe

Files

1cf29dc99e1bd358eb6a6a51bd99c842.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ