njrat | 1f1271c5231cbf3607551edfa424692b[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1f1271c5231cbf3607551edfa424692b.bin
Size

11KB
MD5

36edb0c886d62a8ea63142b5b756ca34
SHA1

0c96d1561fcd088d4323508b6024c80441af58da
SHA256

ae30f4766fdfe0219c76ab443d5a1d9c4aef2508f1c82327a3e28f1b4da41465
SHA512

cf15190b8ebffc15659b2fa68f267bb15a20e3e6a7563adb2b0308dbb2843ae3f659d6a7bb3f1c4bea366cc0a2fb177814c611f6f2876c67c1827f750b02acb1
SSDEEP

192:NlN+xjCHSwVHJm7JxVRwYmZyVeETTWXza53N6dIcrqpnZgkJiG5xe/:vN+xjahqxViYzec8dIJHtJib

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

0.tcp.ap.ngrok.io:17648

Mutex

793ae16d5475d442620d0296f46b356e

Attributes

reg_key
793ae16d5475d442620d0296f46b356e
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d22ce6ecc2f98d7507f41b3e43af3b08e8aad02f3cc7740bc77812931c3f7ab1.exe

Files

1f1271c5231cbf3607551edfa424692b.bin
.zip

Password: infected
d22ce6ecc2f98d7507f41b3e43af3b08e8aad02f3cc7740bc77812931c3f7ab1.exe
.exe windows:4 windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ