njrat | Setup[.]exe | Triage

Sharing

General

Target

Setup.exe
Size

37KB
MD5

e3383ba53ecebb2ecb7063fcccff17dc
SHA1

cd1384e86f194f95c8939418d30c80c56c412645
SHA256

07eaa040d73e39f53851533c8c09d92cd3228d099236e3995b19b4c8a1c15ada
SHA512

563f952147c529230824ae6feaababb3ccbe7eca324d71892d2d4f68ffc0eb6eaf1edce29662c63563cd1f7c6de6e4468b35e2b96a7eb43c93aa7367c2877d34
SSDEEP

384:LpRWUiDZblmJEpRGyEff1PNN0CYSmkhrAF+rMRTyN/0L+EcoinblneHQM3epzXPL:9R6HpR9Eff1P0Clm8rM+rMRa8NuxZt

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

3.121.113.182:1337

Mutex

0cf848bcebf5d082d484e0ffe1e8f23e

Attributes

reg_key
0cf848bcebf5d082d484e0ffe1e8f23e
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Setup.exe

Files

Setup.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ