njrat | Server[.]exe | Triage

Sharing

General

Target

Server.exe
Size

51KB
MD5

2a89b427e10511467cf742eba3758675
SHA1

19d85fe11811f595a82c5e621decbc80f1602f0e
SHA256

26cd492b508a81f4066fd2fdec29f38e3fff456b613d8e276e1ba43eadb622a2
SHA512

f9151cc648668da33f3a845817eb7ee9871f2954d7042a0fae218c80087735bec1734a226ed16eefa168c07971d24f826039d329c29055c9f4252553fad8242b
SSDEEP

768:BDId3QTv3wXTr2/4fsR5JP7eK69dA/BJf6yy:1Idg7+HpfsRqz9OJiz

Score

10^/10

njrat

Malware Config

Extracted

Family

njrat

Version

njRAT v0.7d Edition Syria

C2

विनी蒂I3LjमेuविनीC4x:NताU1粹g==

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Server.exe

Files

Server.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ