General
-
Target
1phc1YJN.exe
-
Size
37KB
-
MD5
fb0bdd758f8a9f405e6af2358da06ae1
-
SHA1
6c283ab5e49e6fe3a93a996f850a5639fc49e3f5
-
SHA256
9da4778fce03b654f62009b3d88958213f139b2f35fe1bed438100fae35bdfbf
-
SHA512
71d3bd1c621a93bc54f1104285da5bf8e59bc26c3055cf708f61070c1a80ee705c33efd4a05acf3d3a90a9d9fca0357c66894dcb5045ab38b27834ff56c06253
-
SSDEEP
384:NOpYoixJbl7OHg1WykrDPf7O8GsnRlrAF+rMRTyN/0L+EcoinblneHQM3epzXNsG:gpeR1NkrDPSlsRlrM+rMRa8NuPsCt
Score
10/10
Malware Config
Extracted
Family
njrat
Version
im523
Botnet
TrupAshot
C2
documents-elegant.at.ply.gg:54835
Mutex
4a87b5397a2736773782f50e108b2da4
Attributes
-
reg_key
4a87b5397a2736773782f50e108b2da4
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
1phc1YJN.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections