njrat | testagain4[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

testagain4.exe
Size

74KB
MD5

17aab2874fb392a8de6bcccacb49a11e
SHA1

860dff68b9aa1ccd3f8163275b6f129b84209d3b
SHA256

a05986903fb3243542ff77a2f0c519feab26eb689b0df5c14de87a7e1e765de1
SHA512

c4c1bcffab73a97832d77f0ec86297fb031143a3329d4d63ccdd22ebfcffae3f0b3efc41e6910882ba019221c3d1a8cfc027b431814ab8ecb12519e9f9757702
SSDEEP

768:fw9iHpR9Efr58AClSgrM+rMRa8NualtSK:I0HpRyD5Ak7+gRJNB

Score

10^/10

vmsogood njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

VMSOGOOD

C2

88.121.74.181:75

Mutex

fdc345ac8fe461185071610105e2bca6

Attributes

reg_key
fdc345ac8fe461185071610105e2bca6
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
testagain4.exe

Files

testagain4.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ