General

  • Target

    aaa.exe

  • Size

    23KB

  • MD5

    dd20d42a1555ecd374d47c41bfab8417

  • SHA1

    374e9490ab73d7e9d0cf225d0e96d2ca77becbfb

  • SHA256

    c37bcf56f3404eee897781ecdf994f8c733dcc0a402fa21bd440756a1467ae83

  • SHA512

    a260e1b7de92028aff2b379972f9199948460dcc1d81ce86389226edeef3559f8fed2f468da998172374690efb414559ec4e8528be746d0e955136d91e52266b

  • SSDEEP

    384:QMK6b2GZsx/Yr1+liORH1kcPFQ6Lg9gSOYRr9mRvR6JZlbw8hqIusZzZKm:zb9glF51LRpcnuW

Score
10/10

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

svchost

C2

192.168.218.139:5552

Mutex

33a8054157a3a1616c2f71e43acb6e31

Attributes
  • reg_key

    33a8054157a3a1616c2f71e43acb6e31

  • splitter

    |'|'|

Signatures

  • Njrat family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • aaa.exe
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744

