njrat | Server[.]exe | Triage

Sharing

General

Target

Server.exe
Size

40KB
MD5

d68c05c79e88c0778ccbd2dd61d8e51e
SHA1

ab6161248a94b0bca947a252a2a9da0c4a2e18d4
SHA256

bc228f9d761133c53a25e3a7fbd7a599a6e028b5e59730bd33c3c0bbdc367d96
SHA512

6447a9504828e4a196e984dafc8c364d261022146875f252c91b387fcc0c968050f253c57f586e36439940c47ea0e18fd10ad6f9a7964b40cd41acd94b541ceb
SSDEEP

768:SRriitlfEX65LCWQI4iAOuQdOsVhyV6QM3DI:SRriitlg1I4NOuchyET

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Version

1.9

Botnet

HacKed

Mutex

Microsoft.Exe

Attributes

reg_key
Microsoft.Exe

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Server.exe

Files

Server.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ