njrat | Server[.]exe

Resubmissions

28/06/2023, 23:54

230628-3x7hhscd2t 10

28/06/2023, 23:51

230628-3wcazsbe23 10

Sharing

Copy URL Twitter E-mail

General

Target

Server.exe
Size

93KB
MD5

1a308994baf909635842ee3ce5ccb0cb
SHA1

a107203fcf75961e3634d918dd71c569d2494e20
SHA256

673f74c81fb445536fe66231f61fd1f9c98db271214d6aa3e171b12401a0dd0b
SHA512

3740985df23d337571b1fe1dd3a38a935cd28b50cacc3bf1b82b4d8f22d878265b5809ca673530c7f9d7838cce150d1e6f99f02181822700377a3895df6de0ab
SSDEEP

768:aY3A5UQy0lM7utchQmnroAgFDSXaaJ4oXbyXxrjEtCdnl2pi1Rz4Rk3KsGdprgS7:OUt0i1nroxFMeowjEwzGi1dDmDrgS

Score

10^/10

victim njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Victim

hakim32.ddns.net:2000

6543etfd2-59719.portmap.host:59719

Mutex

dc5f1830bb8e8c901d53791ccaf93823

Attributes

reg_key
dc5f1830bb8e8c901d53791ccaf93823
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Server.exe

Files

Server.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 92KB - Virtual size: 91KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 92KB - Virtual size: 91KB

.reloc
Size: 512B - Virtual size: 12B