njrat | rat[.]exe | Triage

Sharing

General

Target

rat.exe
Size

66KB
MD5

72987a53a20a02db52b99bef93b8f8d5
SHA1

5420c2604ba7452c3f63d1e50ceb2509988c683f
SHA256

51ae8485f908401efbd60cab4b561dc3932cc8e938e6f700974eec5bf63d8367
SHA512

bc75e62d94ba41bd05fbff75a84ed18e38c3db1e680d25ff837e0e678ce2e4520c157541dcee6b366ae0d5be93efa601a852258f2d1e71ae5115c7a901f6b5e5
SSDEEP

1536:FRjSzePoN36tkQviFw1K3jwBnvAsfLteF3nLrB9z3nxaF9bXS9vMQ:F5SzePoN36tkQviFC+UBnrfWl9zBaF9Q

Score

10^/10

mybot njrat

Malware Config

Extracted

Family

njrat

Version

Platinum

Botnet

MyBot

C2

127.0.0.1:54077

Mutex

wsappx.exe

Attributes

reg_key
wsappx.exe
splitter
|Ghost|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rat.exe

Files

rat.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ