njrat | qweroaoal[.]exe | Triage

Resubmissions

15/08/2023, 22:36

230815-2jkwxsdg65 10

Sharing

Copy URL Twitter E-mail

General

Target

qweroaoal.exe
Size

37KB
MD5

59059fe28a539c3aae1eda4964374c57
SHA1

850f9f980f2a220c49379a61d51766f84c8dbda3
SHA256

324eb8521bba09aae9dba89f50598f773952e02d95d56e52000f0297795e44a5
SHA512

f4113b0f9c2e428eefac80211f54d4c6f0eadf4e653139f446f35a00cfd3c1f0a23ce09d45636e115c07495268df8f97e576ca15a2d3cd62403d7ab1cb9ea82b
SSDEEP

384:JLIcWqi0JXSYOI49KylT4q6BPhysGGD/rAF+rMRTyN/0L+EcoinblneHQM3epzX:NXc95lTd6BYlGzrM+rMRa8NudMt

Score

10^/10

collabvm njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

CollabVM

C2

supply-recorders.gl.at.ply.gg:17116

Mutex

1c1985aba5275048715ed2a8af60f5ce

Attributes

reg_key
1c1985aba5275048715ed2a8af60f5ce
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
qweroaoal.exe

Files

qweroaoal.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ