njrat | Bootstrapper[.]exe | Triage

Sharing

General

Target

Bootstrapper.exe
Size

37KB
MD5

92fd66073b9a4f83ee5257d4dfc611fb
SHA1

87377414dd581082a1e5d26633f2aa9838d26062
SHA256

cbbd4d987c1f2368de89953f3d2ab06a803806faaab1d116d6c72cf11a93cbb2
SHA512

f0e24cac627234e2556e7ce1b1634c32f0b17380850e3d956d35d6f92d1489dcad2fdcb799abbdf0d8169dff0d9c3da7a5672bf84899481368ed6909d6b19c95
SSDEEP

768:Ob3MDF3lFdS7IVW5mae2rM+rMRa8Nuvyt:Ob6F3lPSUVW5op+gRJNE

Score

10^/10

boykisser njrat

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

boykisser

C2

eg-womens.gl.at.ply.gg:7999

Mutex

2be7fcfaf2fb2c0121ad0a1c26b16a25

Attributes

reg_key
2be7fcfaf2fb2c0121ad0a1c26b16a25
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Bootstrapper.exe

Files

Bootstrapper.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ