General
-
Target
db387208278c3a90d57f688f1b033bb1.exe
-
Size
543KB
-
MD5
db387208278c3a90d57f688f1b033bb1
-
SHA1
5ab6e58b54b4d43591da661a2bdc538bc69f9850
-
SHA256
cd34e9df2818c24a997cb20b620af8498b42df79617e062e4802eae63d56cf32
-
SHA512
bb7af7d0e78b5416d3387d97ab13055b6aea0c12fa0cb798c6043f13d1c1448f2699b3940962c2df545297875be89b2356ff9e3a8f5a7c8157238712dd6db163
-
SSDEEP
12288:HiJmalyw9qfcaF52WgAIsAxOfqV42Rqol0M0pMsRNQSJGmENwMpU:CJigAm3lTad
Score
10/10
Malware Config
Extracted
Family
njrat
Version
Platinum
Botnet
Victim
C2
kgb963.duckdns.org:2184
Mutex
svchost.exe
Attributes
-
reg_key
svchost.exe
-
splitter
|Ghost|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
db387208278c3a90d57f688f1b033bb1.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections