njrat | stub[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

stub.exe
Size

37KB
MD5

d7f8c725d967cd79e3c805749d367545
SHA1

c18026511b0fb6111199e4ee719b67f9135d4d98
SHA256

02d38f82c46f5d68f975f4565f099bd8224271717f767a7445b4a857f461e00c
SHA512

6c1123b135463783f61735fe66214b8e6851109f2b34e461068360aaa21590f7fc2909678b411cddce279d703793fdd864356bfd978dce7f7fffe005ab286d00
SSDEEP

768:RcbC4H06GVbFtyGeGnRTm+L2umMZSpphn:RewlGrcRTm+YMcd

Score

10^/10

soft njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

SOFT

C2

45.84.227.157:5012

Mutex

0ec846a435bf91138081ad39491b85bb

Attributes

reg_key
0ec846a435bf91138081ad39491b85bb
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
stub.exe

Files

stub.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 575B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ