njrat | dllhost[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dllhost.exe
Size

36KB
MD5

1c39ebe638963f41ce3ed83db9b4ce16
SHA1

67d888fc35a2dcb8626d956d7ae75fb3713a888b
SHA256

bf6c2b464574634375d7816633916412f8897bbe97c297104e5a74ce63b6b5c9
SHA512

478c251901cae448cb3e789b6c9301bbaa2c3c37fa3e2b6ec7d2dc639849365785afad9b0e558ce227ab46f641c93f69c1a458030a69872385342089db6fed46
SSDEEP

384:BQaiBcN6EKvHHNyAvNYW7Z55E+/BxK7DQYtDgtykYrihlxNm/oU3mvj1SD9SvLN0:B4qWHsAvNpK+5xKjKgkbCTaSp4LNhy

Score

10^/10

01-23-2024 njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

01-23-2024

C2

sknt6.ddns.net:4000

Mutex

0e3cb439688a34c86b6adbecb4d86758

Attributes

reg_key
0e3cb439688a34c86b6adbecb4d86758
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dllhost.exe

Files

dllhost.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 575B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ