njrat | NJrat Horror FIX port[.]exe | Triage

Sharing

General

Target

NJrat Horror FIX port.exe
Size

55KB
MD5

56cdc4b265abb31a48123657fc9d80c0
SHA1

4133a620a6f041d307c112df950f2e054bb26b43
SHA256

f250a0479cda535937368fe524ab0f94a705b9f7e5fe1df89bb38f51a34eebf8
SHA512

ba2ca947a3c7ae97ab25bdd8c92f6efccb0fe88b16e93188ecee603736e04c8209e0fef5dd7d534d104e37fae49a7702a0966c4de72d5886867a3ed6240f6827
SSDEEP

1536:SZCgDnjNlfEvSaiID+wsNMDjXExI3pm7m:LgDnXfEaTID+wsNMDjXExI3pm

Score

10^/10

معدن ضحيتي njrat

Malware Config

Extracted

Family

njrat

Version

<- NjRAT 0.7d Horror Edition ->

Botnet

معدن ضحيتي

C2

193.161.193.99:39182

Mutex

60f551a7ca9c7dac2547782018667b59

Attributes

reg_key
60f551a7ca9c7dac2547782018667b59
splitter
Y262SUCZ4UJJ

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NJrat Horror FIX port.exe

Files

NJrat Horror FIX port.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ