General
-
Target
Payload.exe
-
Size
27KB
-
MD5
aaf59a8b6053c560db9397dd7858ec32
-
SHA1
7a52cf0e7a7c86f15cf7abfa15930dcc6f0e00a0
-
SHA256
0d795e91fce451092970abe10a5b3f82528fb4bc2119fd9596cae961f760b2d7
-
SHA512
3c02b219e82639f04ccfaaaf538a380db5a5560d418ceef5a4d5cd81f90bf16478a5b6dd92879df655d590c0167bcb199e50f46b592e0f2dd9c4c295ec4b9301
-
SSDEEP
384:ALvlYn+oYjGuhcbws96PASW+MlAQk93vmhm7UMKmIEecKdbXTzm9bVhcaU6lLr6h:eNZsu2rlA/vMHTi9bD
Score
10/10
Malware Config
Extracted
Family
njrat
Version
v2.0
Botnet
Victim
C2
alshareeftwtw-28524.portmap.host:28524
Mutex
Windows
Attributes
-
reg_key
Windows
-
splitter
|-F-|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
Payload.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections