njrat | Payload[.]zip | Triage

Sharing

General

Target

Payload.zip
Size

24KB
MD5

b7e5053c63a747fef10313dc94e15b57
SHA1

2e6099c5d2de7f05072992a67c3304a48147bbdb
SHA256

270ce36f6d56dc4cc4252d2a2c5b2cb2b240dc3d87c02068b072b1620ea4267e
SHA512

a46b0adae4b8b1d29fc334e1329d749ac4c7a636e4759ff383513a1fc37c841bab45a2ac46b7e5920da2210d2078f2dc7c275f0563353b02a8110457bbab8e31
SSDEEP

768:804vHW67qjrgG9j9SZyfaMJMa2lhTfh6cbJ9uFtX3z1SaKgsv9:H4v260g2XYfbbJ9i539KF

Score

10^/10

victim njrat

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

Victim

C2

tlkkyhm.localto.net:7608

Mutex

6943dac507c43de133ee9a5ce32fd755

Attributes

reg_key
6943dac507c43de133ee9a5ce32fd755
splitter
Y262SUCZ4UJJ

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Payload.exe

Files

Payload.zip
.zip
Payload.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ