njrat | glass[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

glass.exe
Size

27KB
MD5

8ae7027a9a14f59e96d0194d1ba7fbbf
SHA1

1697bb93e4e060a7d268f8fec5eb5ae89c8f5a0e
SHA256

ead841941e7977edf30dc4aa8eb11ac8ced85f347864c964ba42a9140c47e53f
SHA512

5a82f8a7abe8242f22ef665cd4279f4a85fc131ac46593086a73c035e1b1e98ed591b20a43a73428666c9e2ad9b548415445c1ca48b92a1e04a5b6563af55187
SSDEEP

384:EX+n2650N3qZbATcjRGC5Eo9D46BgnqUhay1ZmRvR6JZlbw8hqIusZzZSW2xI858:Ewm+71d5XRpcnuaK

Score

10^/10

bedcgd njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

bedcgd

C2

198.185.159.144:8525

Mutex

723123510699e1116a2715272ba5c7d6

Attributes

reg_key
723123510699e1116a2715272ba5c7d6
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
glass.exe

Files

glass.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ