njrat | Server[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Server.exe
Size

37KB
MD5

c8a51dddcbec68067ad53fd566e9454f
SHA1

b95652829dc103cd357f3e9af49afd951cc3f744
SHA256

56212b8ffc6216929b35624a6ed99e02cbf98338524dd8e02c6f2ab000e64cc4
SHA512

c4acea7fc19cddfa497f60130eb899e14638573a35bfc8b5144de2ba051e8bd21f7d4e6d990cd37a071ca2981f9cf662856ad2f4032a3cc84eae9c97482b8c50
SSDEEP

384:DmOs0IiejvCVLO309QmykrtG+dA+VfwvOSiKrAF+rMRTyN/0L+EcoinblneHQM3G:pFdGdkrgYRwWS9rM+rMRa8NuUVct

Score

10^/10

test njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

test

C2

0.tcp.eu.ngrok.io:18451

Mutex

0d3c0f3e26a0c0bfcb84a0a42e12f5da

Attributes

reg_key
0d3c0f3e26a0c0bfcb84a0a42e12f5da
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Server.exe

Files

Server.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ