General
-
Target
0x000b000000012327-69.dat
-
Size
543KB
-
MD5
ed6644ca94ac1d26ee220910e037cafb
-
SHA1
8d199762d1ac9d1f59645be3b1db0d8edaa7ffdc
-
SHA256
6468af91fbf22cb8844d4cb789cac89aca605a2e16a1daffe8d66370da301a5c
-
SHA512
6f99e25cbc9f59d9accc33ecca565f1a76b4a742ac7795b8549c7d1b29f2c235250f4448216aae65c45628145c39204799333c5c3f1d31f8158cd3ed57f41c60
-
SSDEEP
12288:vxcmalyw9qfcaF52WgAIsAxOfqV42Rqol0M0pMsRNQSJGmENwMpM:5cigAm3lTaJ
Score
10/10
Malware Config
Extracted
Family
njrat
Version
Platinum
Botnet
Victim
C2
kgb963.duckdns.org:1152
Mutex
svchost.exe
Attributes
-
reg_key
svchost.exe
-
splitter
|Ghost|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
0x000b000000012327-69.dat
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections