njrat | Clex_Cracked[.]exe | Triage

Sharing

General

Target

Clex_Cracked.exe
Size

23KB
MD5

234bdeac575bea8006b925dae8ac2ab1
SHA1

8e09a9312d2f25acaffadc4b26edbdc7ccdf1b62
SHA256

469be647e262e31a1fd0003b6da8a620dee09e3056b44959e30ed02510c88f4a
SHA512

ddcfca570d57454180d82ed4d3cbce06f424931c060470fc5f564c1729168047ed52885732f2a23a1a82e00e6b19ca17b828f205ba36453538b183fd13534571
SSDEEP

384:qL/N4bcpPiJLQrWARGSRUKrbY6GgMSxDDGt8mRvR6JZlbw8hqIusZzZ1W:he2F+tReRpcnuP

Score

10^/10

clex_cracked njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Clex_Cracked

Mutex

f49bdb39b8fe512b471aecd7faf90551

Attributes

reg_key
f49bdb39b8fe512b471aecd7faf90551
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Clex_Cracked.exe

Files

Clex_Cracked.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ