njrat | tmpu54b93b5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tmpu54b93b5
Size

29KB
MD5

f7d4c2aea670b1ccb61cf237cae46ea7
SHA1

462a62fcb6ceb09d5a399d9fbe2777251e900927
SHA256

6283331e22856540ba07caa93e3bd176f56c7054d24ab96c630e44abbaf088ad
SHA512

028b624907106a9f8abaa97d99cb978caab9fb30741e4cc7dbcac2ad178164e91f985aea313585209352a5fea03f814ff40fd03ec7b6fd52669537d9a6877c21
SSDEEP

768:nK7ZW4Oakw1BJX7oqsKuelBKh0p29SgRfo:nK78KEJKLKhG29jfo

Score

10^/10

downexec njrat

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

downexec

C2

94.156.69.231:2024

Mutex

7114dc727ecf605a06afd29582787010

Attributes

reg_key
7114dc727ecf605a06afd29582787010
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tmpu54b93b5

Files

tmpu54b93b5
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ