njrat | spofrln[.]exe | Triage

Sharing

General

Target

spofrln.exe
Size

37KB
MD5

fdf0546d58297a6e51596876a12239b8
SHA1

e3a107f3f5a3d42548a1be0e8a23fc24206f70e5
SHA256

f224346929620555fc8ffea8a7814cccd5073434c3607583e4e87414cb599352
SHA512

56ab06704bb457c332afb7ea0703c826c1bf94dcc83912d8478d9b81d67e7e3eaffe25ba8883df39fb9ee3c0b0644b87cd0970274a6fc1717fa620af9e9deac7
SSDEEP

768:pulv2NWtkr+kJruz5irrM+rMRa8Nujp8t:kluNWiqk1u80+gRJNq

Score

10^/10

ktx njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

ktx

C2

kartoxamc.ga:4726

Mutex

9bce47647dc8a6718dc5325121b298da

Attributes

reg_key
9bce47647dc8a6718dc5325121b298da
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
spofrln.exe

Files

spofrln.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ