njrat | 9baab5003a46427ad3de5289838883de | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9baab5003a46427ad3de5289838883de
Size

145KB
MD5

9baab5003a46427ad3de5289838883de
SHA1

7b4679a4435825bef16a8c6bfa876e371aafe9bc
SHA256

ae045e5d34985254f71b2ca00b6e41350d825667dd7b030ce9bc51fc5161f9c1
SHA512

0d39e08c0288135c37c14bc84d3eb480b5e7956823e2d41590b55bb882af080ea496b25bd31f75e290d0d6fbe941fedf651862c96482d846a6526a04c85a3a06
SSDEEP

3072:hYOObaCLg8cbKDdugVyqE5zbATcpIboGWIRk0D2WAY96RkknUnk3nnU:jSobKRQeKIOkknUnk3nnU

Score

10^/10

piska njrat

Malware Config

Extracted

Family

njrat

Botnet

PISKA

Mutex

53$79$73$74$65$6d$33$32

Attributes

reg_key
53$79$73$74$65$6d$33$32
splitter
|-F-|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9baab5003a46427ad3de5289838883de

Files

9baab5003a46427ad3de5289838883de
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ