njrat | Server[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Server.exe
Size

37KB
MD5

c55885f545ca8989c5f4938bce0c69ff
SHA1

0fb0b5b86cb52312d92ce4374b7947ed61bc4bd5
SHA256

90b40d7fb2b3986c5cb924add1b51910490fc1dbec587c77841d99cf6d3bd83e
SHA512

e95821481d28d6f560b720d72c651fd9408d50f2ed1adbd00c7453be2ddbf820947ff0e0e60d377e65991c3f350203230b55fac4f15f1ab81ff93df9d76b0e5d
SSDEEP

384:AeLx1kit8Zf5W9cTYXyc/bBM0izvncnPMIurAF+rMRTyN/0L+EcoinblneHQM3ek:dLxKjjTYic/be0PM/rM+rMRa8NuWLt

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

147.185.221.18:18746

Mutex

796d5fd22d1c29252c4b3736f6155ffd

Attributes

reg_key
796d5fd22d1c29252c4b3736f6155ffd
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Server.exe

Files

Server.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ