njrat | gg[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

gg.exe
Size

37KB
MD5

0040e5705f25949024fb3e2c5e363b8a
SHA1

6b83f9a7f32a2c1fee59151c50f9a52064cb7a94
SHA256

4ce4b213b165a9f1d36f9461c9403a0195cd3941c7272716224d9baa3f467f70
SHA512

cce6764d0adbc5294751ed70b81371c55953ce093eba33679d189b0d7936c6c9f079313118b7e047f612307b163d1a7e79da883b5e34296439dcf1ed9b5825ae
SSDEEP

384:S4bsiDtT95hL5YyUvrZvZO64ai5PArAF+rMRTyN/0L+EcoinblneHQM3epzX0NrQ:xBv5zUvrZj1i9ArM+rMRa8Nuayt

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

bit-number.gl.at.ply.gg:80

Mutex

509436a24fee386b89cdbbd6be2abed7

Attributes

reg_key
509436a24fee386b89cdbbd6be2abed7
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gg.exe

Files

gg.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ