njrat | 250224-s84kwszry4_pw_infected[.]zip | Triage

Sharing

General

Target

250224-s84kwszry4_pw_infected.zip
Size

15KB
MD5

1f340537e0e959bae9e6dfdb08cb36a0
SHA1

7ac555fe39d328b7136a8f56eaaeb0ac8e1ab0b7
SHA256

1608067bcfbc0d33c37ca63583e9cc3c45026d7c6077989740a5cfce9f9a6624
SHA512

83305b19af9af4a2fdd6353eed9564a8b64788f21569de3798cc7090141c3f7bf672252cd3c00e718370e1ab7206df262dfa44229d671dfca031664e1ea42009
SSDEEP

192:0ym4l0ZNc/Tmij4UZ0yeGwS5UHgyVkkuCJAGdFASllGrwl0JJHu1xxfFd1AqFeTE:DmZNgTCye65JXbWFiG0JcDFzBzkoV

Score

10^/10

mybot njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

MyBot

C2

127.0.0.1:6522

Mutex

60c28f2ec9c1d3d7f391e11534af955e

Attributes

reg_key
60c28f2ec9c1d3d7f391e11534af955e
splitter
Y262SUCZ4UJJ

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Client.exe

Files

250224-s84kwszry4_pw_infected.zip
.zip

Password: infected
Client.exe
.exe windows:4 windows x86 arch:x86

Password: Infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ