njrat | JaffaCakes118_51c93bc46142e2e719cd9696d66427992c8c39c400f361b0361a5e4ce70a2976

General

Target

JaffaCakes118_51c93bc46142e2e719cd9696d66427992c8c39c400f361b0361a5e4ce70a2976
Size

33KB
MD5

0656121ab14c605153b81dcdc57b10b3
SHA1

0fc1b20072e2784a65bc3398f3ca5460a6a65301
SHA256

51c93bc46142e2e719cd9696d66427992c8c39c400f361b0361a5e4ce70a2976
SHA512

2f953be5598e26636ad22e446505289d78fcccf5a279cd40b143619dbb1ad317522958f55b085a5a08eb0a83ed5df2675892de20ae909282b2af708ef826de5a
SSDEEP

768:XnLWIfLxKvnHk8tEv7DfC7KiJqFN8gl6Hi:XSITxCHJOvXa9u8VC

Score

10^/10

xdds njrat

Family

njrat

Version

0.7d

Botnet

xdds

C2

hakim32.ddns.net:2000

mean-territory.auto.playit.gg:50045

Mutex

ef639845e8835c28bb4b03f7f234b37a

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Server.bin

JaffaCakes118_51c93bc46142e2e719cd9696d66427992c8c39c400f361b0361a5e4ce70a2976
.zip

Password: infected
Server.bin
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ