njrat | ExcenSC[.]exe | Triage

Resubmissions

27-08-2023 15:40

230827-s3887aba84 10

27-08-2023 15:39

230827-s35k1acg91 10

27-08-2023 15:39

230827-s3w9macg9x 10

27-08-2023 12:17

230827-pf6b8shd87 10

27-08-2023 12:17

230827-pf3akshd86 10

27-08-2023 12:16

230827-pfzvfshd85 10

27-08-2023 12:16

230827-pfsfdabc8w 10

27-08-2023 12:16

230827-pflylahd84 10

27-08-2023 12:16

230827-pfgc4sbc8v 10

27-08-2023 12:15

230827-pfc1pahd83 10

Sharing

General

Target

ExcenSC.exe
Size

93KB
MD5

caa7446c3e832a53be9336da30627217
SHA1

fd6476edb0eada6f521ff9f22b58ea9ae5e1e957
SHA256

35088ea25301db3dab3752a3ab02332083339080a3f8c8fd253b70607492aa26
SHA512

330724395111ff77e43b172f62a30f22c7305125924d1ca9ac0977ad622794075ae5f07fc494ebb01ce886597436332d35dac711a7f3d228b47fe111da92f3d7
SSDEEP

768:cY3yGL30YTXspgM0m2zGjpyDtdXWuxtXYLWhyXxrjEtCdnl2pi1Rz4Rk3ysGdpq3:eGD0AA0mT1mrWxL5jEwzGi1dDODqgS

Score

10^/10

mamasita njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

mamasita

C2

hakim32.ddns.net:2000

ago-shopper.gl.at.ply.gg:33932

Mutex

e9b5d9adb3bd2d12b3b209e6217534e3

Attributes

reg_key
e9b5d9adb3bd2d12b3b209e6217534e3
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ExcenSC.exe

Files

ExcenSC.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ