njrat | 555555555555555555555555555[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

555555555555555555555555555.exe
Size

31KB
MD5

fe6f894736afcbaaa70712986819dd63
SHA1

420b0ef62191359231cf5e07c24fa2774e8ae121
SHA256

48bc9497ff9b6e89c49c58196375fea257d99fbff312a449ad9cd0d25e16a311
SHA512

9e8ee88d0f27d6c220a296935158735d1a540c0510332d0a294709cde1c2b2161e9109232350e6933d1096b42af4a24d842a59545e92c6d43448e863c3c53f6a
SSDEEP

768:JrMXBwpJbb2zxxO5gaqn5isfvy4QmIDUu0tikqj:+kKJisLQVkGj

Score

10^/10

1 njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

1

C2

talkh.ddns.net:4444

Mutex

cf4d648acaef80f615dcce168ffc92e1

Attributes

reg_key
cf4d648acaef80f615dcce168ffc92e1
splitter
Y262SUCZ4UJJ

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
555555555555555555555555555.exe

Files

555555555555555555555555555.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ