njrat | 4b538e0fed0fe08ae1c8e69dc117fa0d[.]bin | Triage

Sharing

General

Target

4b538e0fed0fe08ae1c8e69dc117fa0d.bin
Size

55KB
MD5

4b538e0fed0fe08ae1c8e69dc117fa0d
SHA1

31515400be72476bb0645cb381c6d94648a28454
SHA256

aa5a92288d88da7e10582d2bda74f117b78ac40549cdd88db1899faf428c1725
SHA512

0eee989428246417bd789a1c2b01226edf805ee9a9cec10a6ee0055f1be7c90aba7ef34fad7d6bdbc430ea18b4dfa184d384a3ce3c5de0a2f990ac7e2f67cb8f
SSDEEP

1536:R+8N4DnzON2zUz/UVcD2wsNMDBXExI3pmJm:R4Dnz3oz8VcD2wsNMDBXExI3pm

Score

10^/10

ha4ked by @forlove njrat

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

Ha4keD By @forlove

C2

away-displays.gl.at.ply.gg:1144

Mutex

168773d1c6918676175c156889709475

Attributes

reg_key
168773d1c6918676175c156889709475
splitter
Y262SUCZ4UJJ

Signatures

Njrat family
njrat
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

4b538e0fed0fe08ae1c8e69dc117fa0d.bin

Files

4b538e0fed0fe08ae1c8e69dc117fa0d.bin
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ