njrat | Server[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Server.exe
Size

151KB
MD5

6128da8357aeebb95f8f623f95fe00e1
SHA1

aa00745566d5b9c87ef508342e477f10a58b2e1a
SHA256

08f9e6f06ae1711ebcabe2beabe62817927a0a4fa0c3d213bbb4bdf1795760ed
SHA512

6d281703d93f8140ab0c0aaff8e4f70fbb46a2c23941dd28630b2d9ee3d659bef8b3428854d23314ccdbcec701d025a2e772531d1b1d6d5326d2a48242a59d63
SSDEEP

3072:3U9s2jw+yJuBAjVd1nut+uV2mTVDjFwkWl176jZ1hCagdgvPW:E9sO0VdRQ/vqkg1gEagdgH

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

127.0.0.1:80

10.0.2.15:80

Mutex

4ae78c6e6578135e6a9ff8e58fda0221

Attributes

reg_key
4ae78c6e6578135e6a9ff8e58fda0221
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Server.exe

Files

Server.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ