njrat | bObG[.]exe | Triage

Sharing

General

Target

bObG.exe
Size

23KB
MD5

5e7ee68a9382289a5d39097131d59fd3
SHA1

804ca9a1e41773512cb8fcd0c9b31035718f0420
SHA256

642664b453ed3b1754705ca12403289f1837180dbd511d339d901402e11d44c8
SHA512

5bd1b09e1797688879f1f2eb388602d6a310d247c88b80483c2e7ef5e5e2ef2b9d9bf5d1a5c032ba49c88f2887869e75f7fc84f96974fde4f0f3dc3dbde622dd
SSDEEP

384:N+n2650N3qZbATcjRGC5Eo9D46BgnqUhay1ZmRvR6JZlbw8hqIusZzZwAq:ym+71d5XRpcnuD

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

amuccm.duckdns.org:6098

Mutex

669fdeaf246c156ff6ecc027db622a84

Attributes

reg_key
669fdeaf246c156ff6ecc027db622a84
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bObG.exe

Files

bObG.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ