njrat | ftcracked[.]zip | Triage

Sharing

General

Target

ftcracked.zip
Size

11.3MB
MD5

97e4f72d7ed421ceb8c7f2d376b26dcc
SHA1

3e830ba2e71a08e3f2ec5f4492426e2e96177596
SHA256

5a71796f27aa0e6275867bcfaaa08c199a7bb16457c1a7281486e419a94cd43a
SHA512

6bbd1731614cf0fb24b48c0f8bd4227cd41b51a96c501355fdc972335d0db4166731de549e42cbe816bb509da860e39a898ba870619eea36c8c46778551ffe87
SSDEEP

384:8C617CiM33jBVbJsy8PJ8bAoxPPvfQaUh0ErAF+rMRTyN/0L+EcoinblneHQM3eU:hNbJP8PJQAiHVUtrM+rMRa8NuIKt2J

Score

10^/10

svhost.exe njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

svhost.exe

C2

5.39.43.50:5234

Mutex

ea0e047ed4e2ee535255119cbaabb438

Attributes

reg_key
ea0e047ed4e2ee535255119cbaabb438
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ftcracked/FTcrack29.12.24.exe

Files

ftcracked.zip
.zip
ftcracked/FTcrack29.12.24.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ftcracked/models.dll
ftcracked/selectpoint.dll
ftcracked/visuals.dll