njrat | 33ecf2d178b7296612df853464a7bfb0_JC[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

33ecf2d178b7296612df853464a7bfb0_JC.bin
Size

30KB
MD5

7ffe21916f73a6224486b4f7c15b518b
SHA1

4c7cc249599bb429dc62e4ef357cf0466ceb11ed
SHA256

be849b469a3945b8ba1cb28af2ecef04aa9da7cdd4be0bf91a2174f453f1ce1f
SHA512

c770fbb282d2bad40c9ff9d099fb144a7c2ee1db26adce22c78ca296fddfc47e79e1ca5b9f6ad2d620fe16e6351f6c7c158dac91f79786e55173f70071e8af28
SSDEEP

768:RtiRDKOBsZwxoFHuscgYav3vGAy09ZR3vIn/UxiDGb6tza:/qDRsZRFOvCGAy0DR3g/UQDI6tza

Score

10^/10

bruh njrat

Malware Config

Extracted

Family

njrat

Version

Platinum

Botnet

bruh

C2

127.0.0.1:6522

Mutex

System.exe

Attributes

reg_key
System.exe
splitter
|Ghost|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/5d0e49ac6ac322247147c86f9c1d19765f51407209ea9a044c6ac639bcebc3dd.exe

Files

33ecf2d178b7296612df853464a7bfb0_JC.bin
.zip

Password: infected
5d0e49ac6ac322247147c86f9c1d19765f51407209ea9a044c6ac639bcebc3dd.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ