njrat | svchost[.]exe | Triage

Sharing

General

Target

svchost.exe
Size

23KB
MD5

fe65e21ee42fd764716943a1bf1fe638
SHA1

854c5afd287f44b760aceaba2541fb34c5bff365
SHA256

2f0c3425f42cc767ed0735bd688b6c41b8996f0b07943284509bd6200d03f6af
SHA512

3bf488655b5fe7cc3917fac0ae5e8743b9325675e20ee958af05e33b9acc675c8e97c1a83d0b65fe6f770096e545a61ee78ca9210ca8ff94d1896dda4731fc2e
SSDEEP

384:MDbJ2T4JjWZFNwXd0eiNUSmvt6agw+t7OxQmRvR6JZlbw8hqIusZzZPp:nT2CZ1NQRpcnuG

Score

10^/10

njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

C2

147.50.253.94:5557

Mutex

a50eb2cdc1c4cff9d0b54be4964c226d

Attributes

reg_key
a50eb2cdc1c4cff9d0b54be4964c226d
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
svchost.exe

Files

svchost.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ