njrat | New Client[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

New Client.exe
Size

61KB
MD5

85a3a9864b5ca298e2d60fdb72871ed6
SHA1

d30cdce2f3f93fc9785121bef3c5ecd97e317c21
SHA256

0e52c0a9e9dc8ef01a873af7267b1780026b6ce4b328e55f70eaf292dc8f6b3e
SHA512

1d463d6a501b04ad771f404cd14dc0c20fc3c8cea256bdb10065d711e2731835dee3c13c2ad7c61037b78a4de60de20d1d55616c865a7ccddb2caaddd41b999e
SSDEEP

1536:y2MIcJq2mnw98iVLl+KNwM0ia9P3xEmF9bb:yxIcJqjTiVAK+Tn9PGmF9b

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Version

Platinum

Botnet

HacKed

C2

127.0.0.1:22930

Mutex

Client.exe

Attributes

reg_key
Client.exe
splitter
|Ghost|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
New Client.exe

Files

New Client.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ