njrat | fffc2c71cd0c13f32c78ad90d65ea913[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fffc2c71cd0c13f32c78ad90d65ea913.bin
Size

30KB
MD5

a3972470592d0c7ded628f5be78ee19f
SHA1

f06e7f397fe1f39ffa5ae465a26041c484d54d74
SHA256

b6fa3c728099b7cb62d4233b05cede280abf401ae7fcb6ac7e28a8de3cb4bb28
SHA512

93050efa00cb13caee0ba967e24914c275c23a2e108e2eea51c347116bfce909f2aba08b91a4b7a4dc9cc3d349be51115a4740d70c4b7ec1eb487e7ae29d9b48
SSDEEP

768:VnoQY4x3wwwvRGPCzaW4+yHcnVu/nj5FToBJ:Vnozw8C+JU75FTor

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Version

Platinum

Botnet

HacKed

C2

127.0.0.1:11793

Mutex

Viber.exe

Attributes

reg_key
Viber.exe
splitter
|Ghost|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9f0cb564a338eae1cfe8bb2af269cf3dcb0c3d595e88396d59d127d36bc566da.exe

Files

fffc2c71cd0c13f32c78ad90d65ea913.bin
.zip

Password: infected
9f0cb564a338eae1cfe8bb2af269cf3dcb0c3d595e88396d59d127d36bc566da.exe
.exe windows:4 windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

mscoree

_CorExeMain

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ