njrat | Laucher Mta[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Laucher Mta.rar
Size

11KB
MD5

5ef12b875078e9fa8adc265c749d2555
SHA1

f251418c0205b3dc523010449d27913f45f9744a
SHA256

33465e704ae1e62599c98be18de28696f2c9f014243e2a37b15005bcc379101f
SHA512

394b8bf6e1ead1b038fc24b79b1b4f7ed23c320758387cbcb99ea58a3126c646f3a48ce77109875c138d6a6bd152efccdd3ebd0a93ed38ddedbcc79f8075f212
SSDEEP

192:qbnj6WEKFknxqRq+avtiY+iWx/awQsJZKSDqZXocz0V5AwMpTwPL563WUteRJVs+:qH6pKFknxuDavtdEMsvKSU9+AwMpsSWV

Score

10^/10

laucher njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Laucher

C2

players-celtic.gl.at.ply.gg:11897

Mutex

8070cac3fa16f7a7eee679eadfcdefef

Attributes

reg_key
8070cac3fa16f7a7eee679eadfcdefef
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Laucher.exe

Files

Laucher Mta.rar
.rar
Fix.txt
Fnar.txt
Laucher.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TUTORIAL LEIA ANTES.txt