njrat | HWID Spoofer[.]exe | Triage

Sharing

General

Target

HWID Spoofer.exe
Size

357KB
MD5

c9b25c1bc4eb54124dad046b3b9e4241
SHA1

9e075389a2f34e224a68f84a1c5bb4d665077180
SHA256

620b80bcb9f45c4f6f8a0f2c503b4c639deb22c8b2d46d53261f695b51c2b0be
SHA512

75daa5a302e7faa1bca08b5f3101b757c07fe844945557b656143b85d37cf1fb0c45e51592d41a50827c0a2871bb9dfeaed502b5971efa4a307f7ade39bdd52d
SSDEEP

6144:XYn5fNz3b/DKgUff6zxXINL8AlskBgw+uAVJK25HZ56Bk:XYn5fBGn6z9CABkG

Score

10^/10

hacked njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

127.0.0.1:5552

Mutex

c3deeffb05c4fa7f233694e4990d7e74

Attributes

reg_key
c3deeffb05c4fa7f233694e4990d7e74
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
HWID Spoofer.exe

Files

HWID Spoofer.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ