njrat | New Client[.]exe | Triage

Sharing

General

Target

New Client.exe
Size

164KB
MD5

c0176890b7a76bc4b4361994288794ec
SHA1

fad41ab4f12c10d01609f3d9c821baeab407304f
SHA256

62cdff077aa0bd67d1b52e1d5e5b5aa34ec9e74dd2d2440f6b02d2f73a249b6e
SHA512

82509544d7637b7d87ca04e3335bd36816683e17f34787523556b2c35816770f36f5166fa022565f37b1b0c1898031266bf618f0fdec92fabbe5efa240e919e3
SSDEEP

3072:j6GN/4ZmTcci+ui9vhggOYyKqvO5ctEs+SNwCUbEM09a8U:j6f+ui9vq4qvAsNNObTO

Score

10^/10

njrat

Malware Config

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
New Client.exe

Files

New Client.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ