njrat | asdasdasd[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

asdasdasd.exe
Size

78KB
MD5

4046240138352e21d8e3c20787769187
SHA1

7c74bc947812fb33ee8a4780bed766706d19e3a0
SHA256

686c19007200af5ee53bfe0e8aa0e5f3ac64d273a4fd5268d64673c36f973c3e
SHA512

59340bf2e37512697c87829b94c954d76d97a8ec3aa56cdbe7fb85e878e18200ffeec5cec62d9b4e6370e934d96afbacdf2a7f9cca5d5b4f6ca0fcde675f1d20
SSDEEP

1536:Jwe+UwpuDpYS5wpOk3JCK6pFoEDv6fOpd/9nEh9TGEJ9R:wQwpOk5CK64O/9ESEJ9

Score

10^/10

lime njrat

Malware Config

Extracted

Family

njrat

Version

0.7.3

Botnet

Lime

C2

26.213.82.125:12550

Mutex

Client.exe

Attributes

reg_key
Client.exe
splitter
1234

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
asdasdasd.exe

Files

asdasdasd.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ