njrat | 19159c6d912eec19d4a91fa9eae85dae[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

19159c6d912eec19d4a91fa9eae85dae.bin
Size

16KB
MD5

1b10fba9f1cb79acf27a56295e6b951a
SHA1

a27ab6385463b01f28cd1c7f49b9716f7b6d146d
SHA256

83b84829f0a3a45ade8148f0bc3cb6b57a4cb41b31dd317b99f5466c3b474d4a
SHA512

ff33a3f1887debcf502a3dd1e22be878f8917796d177ce1cfb97cff616b2ce783666dee1b9cdd0cdca040639da40a1c6faf00962b641fcaff84d9b2302628765
SSDEEP

384:6Bijn4XJrtwAKmcp+dxCtQ+VeexbbMs0zfL:6qQ2McpUoZc2+bL

Score

10^/10

swat njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

SWAT

C2

0.tcp.eu.ngrok.io:19926

Mutex

ec391e7c68470235ae5aa8a1e5e0be35

Attributes

reg_key
ec391e7c68470235ae5aa8a1e5e0be35
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dd9db3ce85e04785fc2e509c534f00ed5e5bf42254a282a641f9c8c1a0a535aa.exe

Files

19159c6d912eec19d4a91fa9eae85dae.bin
.zip

Password: infected
dd9db3ce85e04785fc2e509c534f00ed5e5bf42254a282a641f9c8c1a0a535aa.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ