njrat | Client[.]exe | Triage

Sharing

General

Target

Client.exe
Size

31KB
MD5

fc89e19ca22dec3c9b008dfafc051f06
SHA1

9894ab0047c9dbaa91d264391f12cd2d3b572be6
SHA256

ca042c8f01daaca81b858f79f99eae7289ef016617d685088fcfc7244a24eb0e
SHA512

2d547fefb20fc88bc68e2c043a48baafb8e76d067354e19dd212c0e4ef4799634894318d0e3b66919cc5fffb0c939a9a7e0c93a918b853ea2dac7b8af7a0cc34
SSDEEP

768:8uXXOYoZhjYOzx5+1vB/WDeRAnv7jkQmIDUu0ti88j:NXT838JQ3kQVk4j

Score

10^/10

mybot njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

frank-arguably-shepherd.ngrok-free.app:5552

Mutex

38187be72a4de67176e62a8c16dbe278

Attributes

reg_key
38187be72a4de67176e62a8c16dbe278
splitter
Y262SUCZ4UJJ

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Client.exe

Files

Client.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ