njrat | Hi [.] Frank[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Hi . Frank.exe
Size

27KB
MD5

b8575bfc9a14781dcd9c0c328fe53730
SHA1

5fbfb278a87970b58b14874e611d47151053c669
SHA256

e6ebf3937a10ca6c0125d4fe611a9b0a93461ab0a2da09ede8931b099bd4450e
SHA512

735baa2381dc82d09488f0c0a04d5ffc8b1f56699e24f489af98a4b852d810d1e39d645b77b1fc8fd9b0fcb32661de28b06d763726eac1a788c1dbc83fafe695
SSDEEP

384:EL0RVub+AUbJrCXgfu6ZQPK2m0M5AQk93vmhm7UMKmIEecKdbXTzm9bVhcaZm6kC:SANS8F5A/vMHTi9bDZ

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

summary-payment.gl.at.ply.gg:1596

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Hi . Frank.exe

Files

Hi . Frank.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ