njrat | asbd[.]exe | Triage

Sharing

General

Target

asbd.exe
Size

37KB
MD5

133714ff4407e9fd2c99420f0d3db07d
SHA1

2177b5280f01fcc40debcae318fe0b725144841a
SHA256

a34acf166bb2b8900b44ab9876a2a87060869a7ee7a6cf5ecac1ad0694d03f9c
SHA512

b373dbec2439b49bd992b89e319f8623a56b7550b9a9f9fc68c83e59c65d8986ba00d19fb21ee7ef46c9b1934b62bf254f2025db37f168e7631fe3acb1fb72c2
SSDEEP

384:9LExqgibvjpPu7w9qyMT4H/DisWUbKrAF+rMRTyN/0L+EcoinblneHQM3epzXpTW:mxANN9ZMT4HW1UerM+rMRa8NunSt

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

0.tcp.eu.ngrok.io:17739

Mutex

cc25613e8d0d9855aedea11a711a13d2

Attributes

reg_key
cc25613e8d0d9855aedea11a711a13d2
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
asbd.exe

Files

asbd.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ