njrat | Payload[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Payload.exe
Size

232KB
MD5

67fe2dfc362853acc9d31ea6a11feb6c
SHA1

b6f8bdfa59c32b6e2185aabfc77df1c79859ca8b
SHA256

63c8b727ecd3b0b91b505fa66f54035bf370dfa0174fac34633c50d49e3ffb19
SHA512

6c712fe13bd36070c3602203cd13ff4413816a49c1cf09b3cb92fb007f6d7a81f62c4fdb8cb064ecec1af22749c4fa1c942b25bd023f6833597b2d1b21d8c033
SSDEEP

3072:mgPYi9bKkVlVIG/Ckm00000000000Mv00000000000PW0GvaRaLJsL3SPUdLKtIS:Rj9bKklIYG90GSCJsLc

Score

10^/10

lol njrat

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

lol

C2

16.ip.gl.ply.gg:3958

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Payload.exe

Files

Payload.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ