njrat | 250f75c9f13a22eb5b43460ee2560141[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

250f75c9f13a22eb5b43460ee2560141.bin
Size

11KB
MD5

3ab8e8c13d2d60e1fdfa78d86f4720e6
SHA1

a7af1711d9a50eb90f479a030cdd32e524010a8f
SHA256

527796bb04346fa2f4fddc2335e34a97c3adf94cf3bc1a83377c9f3eb8be874f
SHA512

fe001827ba2ee96d95293b9f6ac73a21a81832bfc027e88166e874be254667ffe5c5928836ac95f15d37e32c4a35febd0248ea6f8111f194a196db8c84652c8a
SSDEEP

192:HMdjdvk4OBcMXKszF0uaXEJwUM5OckCigKQd8X7Kkog0mmx02YPCS7RPu3B:sH1OGAp0ubIDkQKQ+X7Kw0mp2YPCShAB

Score

10^/10

conquonlin.exe njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

conquonlin.exe

C2

zrzrzrqazr.ddns.net:1177

Mutex

f29036f2b78fe8cff63fbfb3870d0cc6

Attributes

reg_key
f29036f2b78fe8cff63fbfb3870d0cc6
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/f7fe626c300bd491051c1621e5b5e767721d4c19c172e0f5e0f82af7357e2c6d.exe

Files

250f75c9f13a22eb5b43460ee2560141.bin
.zip

Password: infected
f7fe626c300bd491051c1621e5b5e767721d4c19c172e0f5e0f82af7357e2c6d.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ