njrat | gu[.]exe | Triage

Sharing

General

Target

gu.exe
Size

37KB
MD5

5623a039c27a4c274b375c83e42651d4
SHA1

877caa65809f345247c37d0bf64a49b1abda1e60
SHA256

87d0845412d5ad22a56954c151f0ae21cba71d2284189fdb0d3c6cb93b6282eb
SHA512

3f896c083919d310b4715d267dfccf57e10c8ba67a33f4feb1a6839cb97b922868339b9f448a5ad4360229837c030a03465337ec1aaba7d4fca64b8a31c00fd2
SSDEEP

768:/y0yQEkNVfCNWtkriwFYbMLrM+rMRa8NuOyt:hVqNWimwy4U+gRJNx

Score

10^/10

gu njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

gu

C2

127.0.0.1:2323

Mutex

b7f2f50a5eff21f2499c81ed48fee825

Attributes

reg_key
b7f2f50a5eff21f2499c81ed48fee825
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gu.exe

Files

gu.exe
.exe windows:4 windows x86 arch:x86

Password: 1

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ