njrat | 35d4264774c89f07b6014992729dc645 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

35d4264774c89f07b6014992729dc645
Size

18KB
MD5

35d4264774c89f07b6014992729dc645
SHA1

b8038a42765f9687b2cc8d292b5483b524757c8f
SHA256

ab6d0ee3bcfd4acbe64e0674eb224dff267ff52b5457fd8392674e86963925d3
SHA512

5e23129c3c9431dcbf9805138bb5e5e828f545887016d0499b3a9d75edb587cb8b09506b2755f5450f088e8fd4b3873b4356e6d0dbf93545a4f9cb723c802136
SSDEEP

384:mzIIQ2aGQ1urOcffv4gZxMNyTbFeaF2U:Us2TOm395lFP

Score

10^/10

njrat

Malware Config

Extracted

Family

njrat

C2

anony.linkpc.nrt:4040

Mutex

system

Attributes

reg_key
system
splitter
|S400|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35d4264774c89f07b6014992729dc645

Files

35d4264774c89f07b6014992729dc645
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ