General

  • Target

    Serve2r.exe

  • Size

    93KB

  • MD5

    8c3c8b1f0682af30d77807ab1bbf3e56

  • SHA1

    e983bf9b69c60dfbf48704359591895978c2fc7c

  • SHA256

    698a1b8fc51154ac54399b1bcb548183b3db7be05a648a5ff39dc21b81b1fb89

  • SHA512

    00111056a6d51ad6b9e858dbda98996424c078e30d6ed9aed220690fa349406d1784986d66ae13ea78f467c3599f7a04af7c83fb354a0687c371fe17cb3b4917

  • SSDEEP

    768:jY3ACUQy0lM7utchQmnroAgFDSXaaJ4oXbyXxrjEtCdnl2pi1Rz4Rk3JsGdp3gS7:6Ut0i1nroxFMeowjEwzGi1dD5D3gS

Score
10/10

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Victim

C2

hakim32.ddns.net:2000

6543etfd2-59719.portmap.host:59719

Mutex

a49d7f19644e0bf88262c17f8f0e2bc9

Attributes
  • reg_key

    a49d7f19644e0bf88262c17f8f0e2bc9

  • splitter

    |'|'|

Signatures

  • Njrat family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • Serve2r.exe
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744

