njrat | Payload[.]exe | Triage

Sharing

General

Target

Payload.exe
Size

55KB
MD5

c410a49af4db43bc049c53d3a2c922f1
SHA1

474b85960f5172f4ae00185e7ce176fd6f0d4b81
SHA256

a3567d00fcd938526639475739fcdb6d761711d0a91c8e0408a878808f21a2d9
SHA512

79bd9bb438018c9c1c182d55558cd56708d65061cccde0f357d93f609375a8ef9eada69b2276b39599bbf5bf24f11ff9e483f0a2ebda0f9db202a5b85ef87e0d
SSDEEP

1536:EBtu8DnN8N1+S1Cl/BODtwsNMDqXExI3pm0m:T8DnNGcXODtwsNMDqXExI3pm

Score

10^/10

pack njrat

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

Pack

C2

gbyvwcn.localto.net:3906

Mutex

d78d7e2855c15bbee7722959f6687d91

Attributes

reg_key
d78d7e2855c15bbee7722959f6687d91
splitter
Y262SUCZ4UJJ

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Payload.exe

Files

Payload.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ