njrat | f941d4289c21e6869ccc150d0ac16949[.]exe | Triage

Sharing

General

Target

f941d4289c21e6869ccc150d0ac16949.exe
Size

31KB
MD5

f941d4289c21e6869ccc150d0ac16949
SHA1

e83c6a286a32b1b92d03f93af7c7db1b98577f47
SHA256

87124ba55c45642f67890b15ffd1bc0e7911bdf8647af2b3eb0e52073353271f
SHA512

38da0fc14735c29e8fe395383b06155d658a48668f3f4a3f39e6e9ca5bbcac22a646d4d5e6d2572dacd5a5d05cf84478664954d30bc5dc55d371929e529cfe65
SSDEEP

768:1rhO5b13hdwzxLy3os0O/dMRvCnQmIDUu0tikFj:5cZ6eh6gQVkJj

Score

10^/10

mybot njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

185.65.68.247:6522

Mutex

f09cc1168523e9783d4ea336fffe9971

Attributes

reg_key
f09cc1168523e9783d4ea336fffe9971
splitter
Y262SUCZ4UJJ

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f941d4289c21e6869ccc150d0ac16949.exe

Files

f941d4289c21e6869ccc150d0ac16949.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ