njrat | 0fbd44c0822387461816967898b57865[.]exe | Triage

Sharing

General

Target

0fbd44c0822387461816967898b57865.exe
Size

636KB
MD5

0fbd44c0822387461816967898b57865
SHA1

5bdff7cd36e866e6d5f122b5d18e871653740ab4
SHA256

edba8ccd7dfdd0f156fb80183439684faf4aa2f70f131d4ee192e73e12e72f0f
SHA512

aa783b078e3a1e65fe8ff3597eb1dffc7d1267cf9bbe50b8d32dc39dcb9673bebcfed7743b4a31114c9dad4a5bd0df35978ad87c83525b7a82d805245fc0e78b
SSDEEP

12288:Uzpeojs6NrsfWa/G2oy9bawFkHaW6Ofm1VHV:UYEE/9baXaW6Oc1

Score

10^/10

njrat

Malware Config

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fbd44c0822387461816967898b57865.exe

Files

0fbd44c0822387461816967898b57865.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 420KB - Virtual size: 418KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ