njrat | Civillian[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Civillian.exe
Size

51KB
MD5

797c83a29f0943dfcf7be0d19031ae1e
SHA1

92b3fd0a6a934eac44643918328fca2b98ad207e
SHA256

862ce54102d48ae07eb6326b8428f361bc838e540134836ded8275b17f7362dc
SHA512

8cc53f298d8572b5b979d28320a18f78f1d4618cfd9203f0f7ef8688f0f597155251e333b084e1c605e1f4593c59c2e67fd2edfeba2a3d39ab08c1e5af23b0b7
SSDEEP

768:eDId3QTu1H8ll64nFR5JP7eK69dAlBJf6y2:oIdgyuzfnFRqz9kJiX

Score

10^/10

njrat

Malware Config

Extracted

Family

njrat

Version

njRAT v0.7d Edition Syria

C2

Ni50Y3मेuबीपीXUubmdyb2suaW8!:粹ताk0粹zc=

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Civillian.exe

Files

Civillian.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ