njrat | Server[.]exe

Resubmissions

19/07/2024, 14:35

240719-rx9r4azamb 10

19/07/2024, 14:27

240719-rsfy8awakp 10

Sharing

Copy URL Twitter E-mail

General

Target

Server.exe
Size

93KB
MD5

c06868c3f04087e57ff53b4b1a115dfb
SHA1

ee55321241115bd0bd512efc9710e4d6449b617d
SHA256

bb1d38cac5d9e42f16f5370083d3a799747764a4982f835944655585af8b00fe
SHA512

762fe1f4c2232f4f9f1ae3e1247e25aaec02e635515b1cc956e26e3fc5e1e2cbb26c4bea730eb98ea40d84df2315c2760a43224f4e7e93a915b0ebd74e1a399c
SSDEEP

1536:OlbHlylw9ceH5P9/mHjEwzGi1dDgDugS:Olwlw9ceH5V/msi1d2T

Score

10^/10

potato njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Potato

hakim32.ddns.net:2000

fyn001.ddns.net:3001

Mutex

96e15de349b59132f06f5946d94c238f

Attributes

reg_key
96e15de349b59132f06f5946d94c238f
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Server.exe

Files

Server.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 92KB - Virtual size: 92KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 92KB - Virtual size: 92KB

.reloc
Size: 512B - Virtual size: 12B