njrat | ReO [.]exe | Triage

Sharing

General

Target

ReO .exe
Size

27KB
MD5

fd123a231f334ae803146654ebffc7ec
SHA1

3865e5cf4a18d226403242b69ef56ed4b90a2ec3
SHA256

64163a051aec95207115a88d45fab57751d72334883d75b4c57d25064d074019
SHA512

208ef208266872792bbccf492e3e49ed06aa221af9d866f280f41c17e758df903b1b9a80962eb73506df6f572146a67b1aa36d83eca65f1357612110c1169c84
SSDEEP

384:nLcrPbNnO4Y1JeRGJzh+FP75BXMiAQk93vmhm7UMKmIEecKdbXTzm9bVhcawQ9rK:LOPbw7AytiA/vMHTi9bDk

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

:5552

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ReO .exe

Files

ReO .exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ