njrat | a358d74ef9b3e541519b8cc6c3ccc945[.]bin

General

Target

a358d74ef9b3e541519b8cc6c3ccc945.bin
Size

1.9MB
MD5

571365cf6f734032a06d43f03bb3b601
SHA1

265be9ef30d6290b6a29a05ef7663af61594b041
SHA256

b20f5e39f4cbdeb79e434b358f5246958b2c9be19d2879e7b76a594720162e9c
SHA512

1fec3c8dbf5c4224f66da01f1de79e5fe6b0c737e502bec9a1fbf87e54e357473f349a7f9aa2e369485b35f4ada6c3e8074026084f0ee0202771fc5931385af7
SSDEEP

49152:h9DGkVO58YqhTn3EOpQSHqF9aJP8crAHg8cj7IgH9XN:n6kV08hj3EODqF9aJUc8AN99

Score

10^/10

hackedcsgo njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKedCSGO

C2

4.tcp.eu.ngrok.io:12880

Mutex

44d3068d903df9f83e44405f3baf67ee

Attributes

reg_key
44d3068d903df9f83e44405f3baf67ee
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/70f9b661169c4320d42f92696e98c9234fb83d3f680b8b904c8856af77207ec5.exe

Files

a358d74ef9b3e541519b8cc6c3ccc945.bin
.zip

Password: infected
70f9b661169c4320d42f92696e98c9234fb83d3f680b8b904c8856af77207ec5.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 928KB - Virtual size: 928KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

Size: 40KB - Virtual size: 40KB

Size: 8KB - Virtual size: 8KB

Size: 8KB - Virtual size: 8KB

.rsrc Size: 8KB - Virtual size: 8KB

Size: 2.5MB - Virtual size: 2.5MB

.data Size: 928KB - Virtual size: 928KB

.rsrc
Size: 8KB - Virtual size: 8KB

.data
Size: 928KB - Virtual size: 928KB