njrat | Server[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Server.exe
Size

24KB
MD5

fa9439d61c3c28bb92a75095cf39d6bc
SHA1

a959b37a215b1417e72fb7df722e9cecd8f29629
SHA256

5f135cd0ac161e5ec8e90598e5ad2f1db3981a597a3c0f1cbd4aac54189c62a8
SHA512

49703b19e66daa3932dc7074b99ef6859005b45f99b7cd84d3681291cf006b4526ca7561bbfeb6c1527fa7ab57d9164eaaf331af3308416b23ac6e5cc59c7fa2
SSDEEP

384:BiURxJTt/6ECAaWhy/DHNCZElrP10OZWtqO7ctJNl/R3G0CTC2PjkUPeZmR:Bx5tCqxybsU71xWtqO7OZBEVoUPeZQ

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

Mutex

ee714fb89d1a0ba22c66b8980599112e

Attributes

reg_key
ee714fb89d1a0ba22c66b8980599112e
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Server.exe

Files

Server.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ