njrat | 4834daaa2464378474669c26607f8c55[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4834daaa2464378474669c26607f8c55.bin
Size

11KB
MD5

292879dbf4fa9c688563cdceba34fcc3
SHA1

56f3270b8abecc688925b08287a83fbb5479cb16
SHA256

d66241799c6506e72bbb4bf7fd6828bcdf7d5efe9e43f5664b7675558ed34559
SHA512

9e39f064487ec9b5502955729c19ef31908f0911e6350f079f4e9e790f96c4d41a29e38663992aad55a68615f51be34f48931f0edc14603aeffe4f9c680025d9
SSDEEP

192:SHkkuScQbftL81EEAaegPeX7hszr8hROQMAqlIIgYbD6pd1L1DlC:SEtSDm1EEXegXyROQjWj96pj1hC

Score

10^/10

zayan1 njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

zayan1

C2

65.0.50.125:22158

Mutex

a4cbdc4b353efef9adf0da32b8aa4cb1

Attributes

reg_key
a4cbdc4b353efef9adf0da32b8aa4cb1
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/559d282b0ba15515ba2b906da3d68f60ec4bcb0934d07d7e922f34909a378707.exe

Files

4834daaa2464378474669c26607f8c55.bin
.zip

Password: infected
559d282b0ba15515ba2b906da3d68f60ec4bcb0934d07d7e922f34909a378707.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ