General
-
Target
joao.exe
-
Size
89KB
-
MD5
a88c703f3ec08baf49df569833dde633
-
SHA1
f5b47b14f247d4eb1fe0131255a43735b53bb366
-
SHA256
15b7bac15c90083ef0b56cfdcc9b565ab10c3f5590d7739839ba990ab2cdaa05
-
SHA512
391d54290d5aef71ead0d4cc5074d79c3b20dbe88bb8f617dd4029fc83d7b17064e58d95e90ecbb9c06716f1a03ff18622078a6d54d4b8d717d8daf9549fb307
-
SSDEEP
384:aRcqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZ2kgAD1vJ:ay30py6vhxaRpcnunF8u3EMyyCg
Score
10/10
Malware Config
Extracted
Family
njrat
Version
0.7d
Botnet
joao
C2
0.tcp.sa.ngrok.io:11168
Mutex
e6a27426758a6eb3f469a160f094bed0
Attributes
-
reg_key
e6a27426758a6eb3f469a160f094bed0
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
joao.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections