njrat | fighter[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fighter.exe
Size

55KB
MD5

dd22ce0a08f94777da9edaa22234723d
SHA1

13d780a1aa0342e130409b795004dfaed5767d1f
SHA256

2ed585f729989e08209c138bd66c410d8252d530ca6b1f94bc9997c322d15b70
SHA512

b31bd2c9345e651854f6b660c336622cb389bfba7a9b2f78d984cfa95facf0f9948c11e3c4bc4be1ac05ef3c948fe4060319ab074d2d5d11dfe8fa8af6b8a435
SSDEEP

768:sua6lOt1Man8E2N6FikUt34okSNcmwFvfu0YMDHPsqL7XJSxI3pm3m:su1cDnCN6FikSJDpwsNMDpXExI3pm3m

Score

10^/10

victim njrat

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

Victim

C2

away-displays.gl.at.ply.gg:26916

Mutex

4f7a9ccc3b800a6f3e463184df3625aa

Attributes

reg_key
4f7a9ccc3b800a6f3e463184df3625aa
splitter
Y262SUCZ4UJJ

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fighter.exe

Files

fighter.exe
.exe windows:4 windows x86 arch:x86

Password: popo0909

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ