njrat | xbOnlYALvtUq[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

xbOnlYALvtUq.exe
Size

23KB
MD5

2bdc913d338e004ac337cfe9a44abc55
SHA1

29feda66e04422c0d506048ea8123771269faa82
SHA256

f2f0353f1f50aa9a76a1ab978430f1a6e85d95d8ce7ee66230beda0927863cfc
SHA512

1a05879ce853814995762bc04d758bb2d976f17215dfa0b991c487302d94fc37ac250dff6da4cd168b713f19ca116f1f6b15652ef7d49b359fba337010478721
SSDEEP

384:gcqbCK0l4h7o9SVyDGvENuh46AgJkOmMSW38mRvR6JZlbw8hqIusZzZ5p:f30py6vuxaRpcnuw

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

0.tcp.sa.ngrok.io:13065

Mutex

5bfe00b9b88f2456727afb4cd20491af

Attributes

reg_key
5bfe00b9b88f2456727afb4cd20491af
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
xbOnlYALvtUq.exe

Files

xbOnlYALvtUq.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ