njrat | 52c644f9c4fed6b93ba3f70fcc58c48f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

52c644f9c4fed6b93ba3f70fcc58c48f
Size

31KB
MD5

52c644f9c4fed6b93ba3f70fcc58c48f
SHA1

80b8d2c207c3a3e2183c7f8f2b1d49f8a62fa0f5
SHA256

ad2d16d8c6620c242974716d1165a664b6504f82d7929fb346437596df81db10
SHA512

73d77cfb2fd5ebe860a9bd38522b2606986ab65d80ef2e8521bf7249e578cf93f2467d67bdb425a2b8bbc5aebb28893d944ae9cd48b80f2b5a76439fa645528a
SSDEEP

768:2TURYZxTDezxp+BQ1aH+Z3vSDQmIDUu0tirxj:XsaphgQVkAj

Score

10^/10

clientasd njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Clientasd

C2

25.45.164.207:5552

Mutex

064359b5d0dfb484705bc4d81db92ae8

Attributes

reg_key
064359b5d0dfb484705bc4d81db92ae8
splitter
Y262SUCZ4UJJ

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52c644f9c4fed6b93ba3f70fcc58c48f

Files

52c644f9c4fed6b93ba3f70fcc58c48f
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ