njrat | celex[.]exe | Triage

Sharing

General

Target

celex.exe
Size

55KB
MD5

12b85b6e730f6f4a92e2b10056269197
SHA1

f642ac330be5fe04bc21cd4a98e77e9d017f97c6
SHA256

c16c299ce7b493462cd973c199d2fec2544800711ba0b42cf47f84374d6e71d7
SHA512

ab7bac1c0603ece5339baccd8566a2151ec488e820f6f0a119a9882a92f27f9a6844d6273ad27026b869363a9366531d0f4e7677461538cd350e1111e15c5081
SSDEEP

1536:sjYADn8fLN2/SbxRDD3wsNMD7XExI3pmSm:RADnccqbTDD3wsNMD7XExI3pm

Score

10^/10

victim njrat

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

Victim

C2

cities-constraints.gl.at.ply.gg:16265

Mutex

02c50d9a6cd2748a3e6820b9ed4d22d1

Attributes

reg_key
02c50d9a6cd2748a3e6820b9ed4d22d1
splitter
Y262SUCZ4UJJ

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
celex.exe

Files

celex.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ