njrat | Server[.]exe | Triage

Sharing

General

Target

Server.exe
Size

37KB
MD5

ecd617cb522731af9b5d98c5530b7c58
SHA1

8140f662e632c451610e0b349197fc89da81c86a
SHA256

0770b34a359e8aa44073e81b774698366e4b1b51159300c0a1f7b031dc2e3f4e
SHA512

d30a1e9535767e2a815f0ef79823dcd6390b41791908d0a741f06cebf3c3c22b6cbe4170a2ce78517420049fe8d6c7cb44b7a1a44b2f7b9203d9e667680f329d
SSDEEP

384:SySU2giHF15JvubMcKyMTwGndcTvCODrAF+rMRTyN/0L+EcoinblneHQM3epzXNa:XSvTbJc5MTwGmbCErM+rMRa8Nuf+t

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

127.0.0.1:522

Mutex

fee3177f30242a76b03c8a631917097d

Attributes

reg_key
fee3177f30242a76b03c8a631917097d
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Server.exe

Files

Server.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ