General

  • Target

    25ce3e5e7542494839e7af1037d01b75.exe

  • Size

    37KB

  • MD5

    25ce3e5e7542494839e7af1037d01b75

  • SHA1

    a0a429037733f0d952d10fe2b17e86bfc91fad8e

  • SHA256

    e5540cffba128c0d852016d11e6e154445f83b146aee17a82e9f45ac876d10de

  • SHA512

    565398f500601bf5942897987414315bc4ddc0b980df24d672bfc0c2987ba7d1c4562e0cbb022bc8dce481202096d086d056987ba2b4c8fd66c262f8cbd7c0ce

  • SSDEEP

    384:6IDIUiFubK7FmpE8QyEfeyfZOfnSFtrAF+rMRTyN/0L+EcoinblneHQM3epzXiNw:9d2n8LEfeygvS3rM+rMRa8NuwKt

Score
10/10

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

lox

C2

6.tcp.eu.ngrok.io:16154

Mutex

bf3a4c0ea202ee07bb0bc0988c661a2a

Attributes
  • reg_key

    bf3a4c0ea202ee07bb0bc0988c661a2a

  • splitter

    |'|'|

Signatures

  • Njrat family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 25ce3e5e7542494839e7af1037d01b75.exe
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744

