njrat | test[.]exe | Triage

Sharing

General

Target

test.exe
Size

37KB
MD5

ef0670e212e4aab8d3fd843132b18af4
SHA1

114bd063d003e1a6f562806448bfbe0542103766
SHA256

645b3e305e1bfe9bad10c69e7f06132cb147a3d6980fe24d7a5cfab40c04d5d6
SHA512

1a7fe5f6fe2654f501b1775565ec9e4a8f3cb9d936061337960fc270eb1bb628fd8daf9f8e13d509b95b9f2c0a4f2d74d5393e2aac25c32cf361422c21e7b250
SSDEEP

384:Z6QCT0i9XdTe/kCOyU7H4fVADXCSUrAF+rMRTyN/0L+EcoinblneHQM3epzX5NrO:QVd1CFU7H4SjCvrM+rMRa8NubUt

Score

10^/10

svchost njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

svchost

C2

127.0.0.1:37383

Mutex

5f0edea008a4109415956e9eb957dc99

Attributes

reg_key
5f0edea008a4109415956e9eb957dc99
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
test.exe

Files

test.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ