njrat | Ratka[.]exe | Triage

Sharing

General

Target

Ratka.exe
Size

37KB
MD5

f82ab1b6c91dbfc8a1fc643f3c10922b
SHA1

5088dc1515bf6cedfbea693bdf0d897e25345775
SHA256

3ba782f1ddf9b091232171b072b30dd145090d02cbb16f6ed816e14e35885285
SHA512

def496bca5a0cc7957d726d02409372885292690618ae5a13c44e6921fb7de72e5ec8e1855a2cb1de9d4cc1d77be01f3e7d65889b17bf41f00cea12d6b6f805e
SSDEEP

384:VmOq0IiejvCVLO309QmykrtG+dA+Vd7wvOSiKrAF+rMRTyN/0L+EcoinblneHQMi:XLdGdkrgYH7wWS9rM+rMRa8Nu9+Ot

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

0.tcp.eu.ngrok.io:11331

Mutex

166eee41ae0e0f4544d895f9671505cf

Attributes

reg_key
166eee41ae0e0f4544d895f9671505cf
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Ratka.exe

Files

Ratka.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ