njrat | 3eff5c6e1c6391488a4ed985fb2eb44c[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3eff5c6e1c6391488a4ed985fb2eb44c.bin
Size

24KB
MD5

ece09fd9279f9a4a65fbb892af295952
SHA1

19eadfa550877b9e46d92e39155423923d4540fc
SHA256

39499a5bbaabe5e1f169f7ca6151d62b4f2ddd8d41eea55b474c426ee0cad7c1
SHA512

755dbdf8e4628630edd438b976ca6a2ca18df4e4687a1d88aa796bd19ee2cf3bb1ad538f0c6c7b2d1abbb6b75a0b98545d0be433620a38eeaf23b846d961cbd4
SSDEEP

768:ATVxb0kQc3IRs6ve4QcglJ4O8X8PBeYO+n4D:ATbIc3IRX24QcgVEMkD+4D

Score

10^/10

flagtest njrat

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

FlagTest

C2

away-displays.gl.at.ply.gg:26916

Mutex

f9f7689fa95bfcdb2882ef61b16dda21

Attributes

reg_key
f9f7689fa95bfcdb2882ef61b16dda21
splitter
Y262SUCZ4UJJ

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/28335d3be92246bb9d11c3bbeed55af53a15bb3dbd187ca7abb7acc815bcbe4a.exe

Files

3eff5c6e1c6391488a4ed985fb2eb44c.bin
.zip

Password: infected
28335d3be92246bb9d11c3bbeed55af53a15bb3dbd187ca7abb7acc815bcbe4a.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ