njrat | client nj[.]exe | Triage

Sharing

General

Target

client nj.exe
Size

61KB
MD5

058a8b71d991427fa70d6b7d92841f64
SHA1

7843d0567d64f151431e777e8ce684a0c234796c
SHA256

c205d2e4eb3f6e767e7c866a444aa6ac35157ed479f9dda2eaef131939e600e2
SHA512

4ffdf2e8f6629e585abd2044778413f64c546a9a4d44359b1847be544bb905db5cb3ca28d763e662ca4a5567b887a677b30891e9cfca37db47e7487d3a51d072
SSDEEP

1536:t0zI/rO0+twuCiVTlTOvwo0ia9P3AwmF9bc:tYI6POiVAIHn9PFmF9b

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Version

Platinum

Botnet

HacKed

C2

127.0.0.1:60000

Mutex

Client.exe

Attributes

reg_key
Client.exe
splitter
|Ghost|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
client nj.exe

Files

client nj.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ