njrat | hoho[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

hoho.zip
Size

16KB
MD5

1152b5f2fac431ebbc2c66ab11fb2164
SHA1

3d27143958ffc073a0260cd6b38b1e38f8bd5e19
SHA256

08a1fefa9df4a5c9331c785f3d1aa79904a3343f4d39f66575ecbafe5955d62e
SHA512

67c163bf05561e645ce511fdd4ad2878a971239e3d99ed484d5a1048e83b63d860bd4daa1c709a1031dd9c0fd69b990ef18804418764f2f013e5a82811751534
SSDEEP

384:c+zQLEv0pi3nLitKfBC/EGGW/jXnrFp1d86w1tuuQ1:ceWi3LitSm7BdJpL1

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

6.tcp.eu.ngrok.io:14891

Mutex

cbe37fe0d2f52b9ce783d6d1f70b20e0

Attributes

reg_key
cbe37fe0d2f52b9ce783d6d1f70b20e0
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MinecrafTmod.exe

Files

hoho.zip
.zip
MinecrafTmod.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ