njrat | 3abfc6292bc8f258ca191672a89850f0[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3abfc6292bc8f258ca191672a89850f0.bin
Size

21KB
MD5

e5b36a6c6a3e6e3550b7480f3b0e2e2b
SHA1

3f895bd54d0f2196a9bc0f84050f1cd51da5ee58
SHA256

ddd6ff3739473364c9abaab9988d64e9e6df196d007a033fe39c41b55d3e3e7d
SHA512

1b9b40efdbd39d025c16abca18233d8523dd154040dd141954ebedc3798c5da727511db3a1e8b4910603ba433d2094506a0c0fbf75c2b14ca7fe27896c95781a
SSDEEP

384:GT0g1uPuVgUmSWO8XTCdanNlmISo0r63Nq+YGINzrEn7QWC4W8W4YIiw+5A4A:OAGt6TCANxSzrX+darE7FdW4YIiwGRA

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Botnet

HacKed

Mutex

53$79$73$74$65$6d$33$32

Attributes

reg_key
53$79$73$74$65$6d$33$32
splitter
|-F-|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0425c530b0e7b99ed34035e4eba3a33264cd0b589000c1472fd046271d23b117.exe

Files

3abfc6292bc8f258ca191672a89850f0.bin
.zip

Password: infected
0425c530b0e7b99ed34035e4eba3a33264cd0b589000c1472fd046271d23b117.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ