njrat | 2308-17-0x0000000000A70000-0x0000000000DEE000-memory[.]dmp | Triage

Sharing

General

Target

2308-17-0x0000000000A70000-0x0000000000DEE000-memory.dmp
Size

1.1MB
MD5

ddc53b3df2f3719efa4fb95d8c829424
SHA1

2ad095fbaa03c4c745ac860f231f8be41d515324
SHA256

5823f29ae3ab547994cb9a77c6cff8c125f7121067f89dcf53050ac1ac399fba
SHA512

108d850205b61917ee132533657a6ef0b8f40e164e9ffa19460f85f75b399b20aaa0c13ee9aa93838ac17fa9aea479a2dcf617d7b5cba7afb21ac3f9daf5c560
SSDEEP

24576:lLB6+gW/Ai2OfzAq//18xxYEuhkgAfz1N9/1:lLVfEifhbkz51

Score

10^/10

njrat

Malware Config

Extracted

Family

njrat

C2

hakim32.ddns.net:2000

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2308-17-0x0000000000A70000-0x0000000000DEE000-memory.dmp

Files

2308-17-0x0000000000A70000-0x0000000000DEE000-memory.dmp
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

yagftds
Size: 912KB - Virtual size: 912KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ