njrat | Payload[.]exe | Triage

Sharing

General

Target

Payload.exe
Size

55KB
MD5

2fb0487c62fddc8148bb9c1e7a61ff0b
SHA1

166f462038f8db0cc6462c8f6de5f3098968b7da
SHA256

c3eecda765f66631358e23cbb02741b4e2fb2e56c76520d5a83b249ee8f929d8
SHA512

0fb567a204b6ed8c0104ac893168800fd4f40c3c6bebba1d446c53f5107a6b6bfea5d1d47c77f32efae765c675c976dbd64f541c671f7348100efc4659f42cc9
SSDEEP

1536:kdmIDn/NOryWhI0DGwsNMDmXExI3pmSm:BIDnE+v0DGwsNMDmXExI3pm

Score

10^/10

victim njrat

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

Victim

C2

anyone-center.gl.at.ply.gg:7940

Mutex

27421004d62e68560786f4e6e6db51e2

Attributes

reg_key
27421004d62e68560786f4e6e6db51e2
splitter
Y262SUCZ4UJJ

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Payload.exe

Files

Payload.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ