njrat | svchost[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

svchost.exe
Size

55KB
MD5

78c1efa671ef2f9693b51ecab8c52e43
SHA1

6462ca58a83a16e2b5b73209351a6ee8a6b73a26
SHA256

ee6ad42af69b3e096b327d4718489ee28f80f68dc5d8d88c457f81bc78b1d77b
SHA512

d6e3327cea8b7340e3cc8390d74dc6af0d59d6b5a8caf730046542839320bd3785a830d25ae16f9ce70c4d077be71b4232aa43813cfa69616f96d114a7ea01aa
SSDEEP

1536:HOXADnDUNEN1nSM6AD0wsNMD0RXExI3pmzm:OADnDRSRAD0wsNMDSXExI3pm

Score

10^/10

victim njrat

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

Victim

C2

rating-fits.gl.at.ply.gg:1094

Mutex

9386777fa0c55d638f7867508c149f22

Attributes

reg_key
9386777fa0c55d638f7867508c149f22
splitter
Y262SUCZ4UJJ

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
svchost.exe

Files

svchost.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ