njrat | svchost[.]exe | Triage

Sharing

General

Target

svchost.exe
Size

29KB
MD5

876efe6368af95f55720c1f6ca571821
SHA1

e41680090e7a5936e08c353e10d11e13e0a8117f
SHA256

ba5ed0e293d0ea36c31f0a7e2aa9e5921e6db7a6b147773c2a13d19fe9b7841d
SHA512

b2f2301ff6331c4a0cd4e6913d1a4bf165b10ada5c37544efea8df154ebdff8b1dcffaeb1f081e4ef26dcae33b507c10ce0eeb8f78200a19d4b88f05f787408f
SSDEEP

384:ChkrLGN8fNl7L5H4yAyr9n95/K4ZoumqDYcqeYtGBsbh0w4wlAokw9OhgOL1vYRc:h7R4yAy944Aq1qe5BKh0p29SgRgR

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Version

0.6.4

Botnet

HacKed

C2

192.168.1.25:1604

Mutex

ba4c12bee3027d94da5c81db2d196bfd

Attributes

reg_key
ba4c12bee3027d94da5c81db2d196bfd
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
svchost.exe

Files

svchost.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ