njrat | 500002[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

500002.exe
Size

37KB
MD5

31a380e96948363bedcd4fb25635e655
SHA1

80d40cd7c06a523c6bed7863a07c595ac840e65f
SHA256

6a831d82bf0a54a75bd71a0809e265658c79ac5f50122412cf809bd5a3030cd3
SHA512

63c27c66d992223d9047d6b24a5eb8b89c5247c6b93dddd4eba6d502890749d945c329b24eada17861329f863e5f7cd79c39d8e427f0280e9f752c0fb194436e
SSDEEP

384:jRDgIiejjCVLO309Qmykrt6K9syhfUvuuGurAF+rMRTyN/0L+EcoinblneHQM3e6:dSdGdkrUUtUWuNrM+rMRa8NuFeFt

Score

10^/10

pc1 njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

pc1

C2

91.168.44.197:45002

Mutex

f2640d3e86fb77d307ef2095b274aeb3

Attributes

reg_key
f2640d3e86fb77d307ef2095b274aeb3
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
500002.exe

Files

500002.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ