njrat | Run[.]exe | Triage

Sharing

General

Target

Run.exe
Size

37KB
MD5

3acdf1663d36a5f7c0f94d27469a70ad
SHA1

162b240e72aa774a242d4ef1393b891f08fc16bf
SHA256

1af573a3e51c01ff96ce9aff3c8e1a5e13a73dfad4cb740252769c803897efbb
SHA512

0295ba59680cad6cc8df9660dff4d84d1c1a564afa321b972eb575dd9e17880ac9b525ffa0d037977cc41443138e0577de37b0533852765ba3576e097f64d090
SSDEEP

384:YtVMiLJBndznNCyMGmN4y3VncG6DSprAF+rMRTyN/0L+EcoinblneHQM3epzXvz+:e/RNRMGmNJJd6ErM+rMRa8NuFKt

Score

10^/10

repoh2cker njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

RepoH2cker

C2

147.185.221.21:3238

Mutex

b9ac204121aeb89afba5c1de324757b0

Attributes

reg_key
b9ac204121aeb89afba5c1de324757b0
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Run.exe

Files

Run.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ