njrat | NJRat[.]exe | Triage

Sharing

General

Target

NJRat.exe
Size

31KB
MD5

29a37b6532a7acefa7580b826f23f6dd
SHA1

a0f4f3a1c5e159b6e2dadaa6615c5e4eb762479f
SHA256

7a84dd83f4f00cf0723b76a6a56587bdce6d57bd8024cc9c55565a442806cf69
SHA512

a54e2b097ffdaa51d49339bd7d15d6e8770b02603e3c864a13e5945322e28eb2eebc32680c6ddddbad1d9a3001aa02e944b6cef86d4a260db7e4b50f67ac9818
SSDEEP

768:64+64ZRzo+zxJ+lS7gqzZ5XvzpQmIDUu0ti69j:xM3/Bh1QVkvj

Score

10^/10

geforce njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Geforce

C2

startitit2-23969.portmap.host:1604

Mutex

b9584a316aeb9ca9b31edd4db18381f5

Attributes

reg_key
b9584a316aeb9ca9b31edd4db18381f5
splitter
Y262SUCZ4UJJ

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NJRat.exe

Files

NJRat.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ