njrat | ef88013105357db2be870d0557f41e7c_JaffaCakes118 | Triage

Sharing

General

Target

ef88013105357db2be870d0557f41e7c_JaffaCakes118
Size

14KB
MD5

ef88013105357db2be870d0557f41e7c
SHA1

906864394a1715f283ba1a724b521b6e36827195
SHA256

180c1593184328ae276173554183e068d0f8379f1aaec63c7ad705042fbc7d73
SHA512

adfa4b061310545573b4da835b0c52f39b6986daf6e775cb1c0d263a21e99e04a7653f7ad2a17f0341c184e7e6df48d17d74d0aa2bda3b3b54612ec0a63b3856
SSDEEP

384:QfQQHn64PSWRgaJ3qeG3Rxos7d3o+4SGazpDJPX+cAS3:2QQa4qW643qRos72VSGop1WK

Score

10^/10

hacked by hidden person njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Hacked By HiDDen PerSOn

C2

l1x.ddns.net:5552

Mutex

452d007e0e891c3400f56e8d13041c1e

Attributes

reg_key
452d007e0e891c3400f56e8d13041c1e
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/L1xware.exe

Files

ef88013105357db2be870d0557f41e7c_JaffaCakes118
.rar
L1xware.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ