njrat | b8a825c21a22ae4652346ac8c9ac733a[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b8a825c21a22ae4652346ac8c9ac733a.bin
Size

11KB
MD5

e1dea96ffd904b02d27aee4fdf9132ce
SHA1

32277473c5cec456eda913d8742ae4f6c3ecfb16
SHA256

a6536c1700841a5790facc7593648a80d3db7e41b0f29082ef2adaa3f4d42c1c
SHA512

35c42498bae04b004e2f6d7be9485b3ba9e3cb8c0f44601c3a40977ae675cea5186ce32dbadf0839af9cf131a207bcd74bfc71e68552eb706a054bfac26b0226
SSDEEP

192:L5Tzpv+1jM/y4gXxgQQxVlgGHAmVR4GH7JQm/k5FSA1gXzv5FgWWNjtu:dTZ+dM/VgXYlgER4Gbqqk5FSA3WWdtu

Score

10^/10

captura njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

captura

C2

safeprojectbr.duckdns.org:1010

Mutex

7419d4eefff139ef331923c8857567d8

Attributes

reg_key
7419d4eefff139ef331923c8857567d8
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fdaee92ea99d938b43ee9c1d49fc048f4af9cfd874aefa1370024f8490f70629.exe

Files

b8a825c21a22ae4652346ac8c9ac733a.bin
.zip

Password: infected
fdaee92ea99d938b43ee9c1d49fc048f4af9cfd874aefa1370024f8490f70629.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ