njrat | 5f5fadb99530f4044ab88a00c859f79a[.]bin | Triage

Sharing

General

Target

5f5fadb99530f4044ab88a00c859f79a.bin
Size

16KB
MD5

e62008cf7b4149600cce94f8719d7681
SHA1

3a2d39ddf5c216cde0949bbc453715f1a4fec195
SHA256

9c4c43d0325e17c6b3a6139b2ad3cc8655d1b24dd7f8834cb8913eab79652ef7
SHA512

81e632d62883c9f90104d58cde3e91af8d34c534315d0945cacca3c9adea66bb3ddec31ea6705ed0339c9c4c494fda4f6306b7f3360f4057759acb6175503a40
SSDEEP

384:S191IrwVZup59WJiyG/TaLEDNq+T3QwglLU/8z4zrSgfzvhFoex/:SqwmWJiyKaLKp3QwglLHdevh2Q

Score

10^/10

kel njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

kel

C2

0.tcp.eu.ngrok.io:17651

Mutex

96d5d3d1f73c2741ba26623034dd1053

Attributes

reg_key
96d5d3d1f73c2741ba26623034dd1053
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6773ea6f9bc7dcc39175a5e6cc0ff7b44bc974d371d51fd83e8c89d3a8f345a8.exe

Files

5f5fadb99530f4044ab88a00c859f79a.bin
.zip

Password: infected
6773ea6f9bc7dcc39175a5e6cc0ff7b44bc974d371d51fd83e8c89d3a8f345a8.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ