njrat | Client[.]exe | Triage

Sharing

General

Target

Client.exe
Size

31KB
MD5

af7988776bbe9df86be38c5ef47c5912
SHA1

9bed7d201ed4d3da280bd8ed162a36531d9b3546
SHA256

43fe76091a2841970ea831d67bdf9c0f76a70d80134eff66d43ef964a262bc80
SHA512

a3246ae3cb4c14a8fb264ff5a071792720066f51c4e6e47953ac18ed55db87cada64159168e2290bcae290aba1599ae8936c3902f6d01b402ce3840b433719ec
SSDEEP

768:Hld6Hcp9P3SzxdupgxJTvj1DvhhQmIDUu0tih/j:uHQ6fpzQVkUj

Score

10^/10

mybot njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

reviews-christians.gl.at.ply.gg:42294

Mutex

2d056d0287404332f9bd399eecd73987

Attributes

reg_key
2d056d0287404332f9bd399eecd73987
splitter
Y262SUCZ4UJJ

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Client.exe

Files

Client.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ