General
Target: Server.exe
Size: 93KB
MD5: a60a4d9776ab38aee2bc196c249ecb80
SHA1: 42394e6d0afcfd0757b21a596be4108cb6b1e3fb
SHA256: 221b0372775de487a0fd7f3f2657945d711973a04b95b0fdd6c56cc703966519
SHA512: 40817ca7161ddcbb000c1edbfdf32a278d61493a81132534a167ff2b4b2d0e0c50c4bc4a9f39f389cfa57eb8b74f9e390ac5329b23a24e3be2671cd7d8fd6be6
SSDEEP: 1536:5UPTr1IDavlZhbSKl9YdjEwzGi1dDXD4gS:5UPSDavlZIQmqi1dvh
Malware Config
Extracted
njrat
0.7d
TrapNET
hakim32.ddns.net:2000
regional-mechanical.gl.at.ply.gg:19194
51b6a75761673b84838f8163ee45ea84
reg_key: 51b6a75761673b84838f8163ee45ea84
splitter: |'|'|
Signatures
Njrat family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Server.exe
Files
Server.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ