General
-
Target
0671648da5db4aec0427a367236caefc.bin
-
Size
42KB
-
MD5
abe189c110fefabba8b9a2622b66fbae
-
SHA1
2a0cb494c38e308c2db9103a90ef18637bcd17f8
-
SHA256
5298c4e9a5c77070bb6712c61dc7a3ae54b46edd301bfbeb362fdc762dd6f54a
-
SHA512
3f02475d20cd90e502ad3e3a4468682d21a2837ba15cc30a0fde6be0b30e1a99e9ad8c43ee88ffcc9437f0fd43edbc3da3b84beb4a8f0ba66b29e6cc6d29ab40
-
SSDEEP
768:02QJnaRwgJ5UZeO3KENl+3slhZsBY08SJXtDeQ9KJHQKAz4/h48xwe:UJnRFeL0riBj8SLVKVQKAoee
Score
10/10
Malware Config
Extracted
Family
njrat
Version
im523
Botnet
Читер
C2
4.tcp.ngrok.io:18816
Mutex
2c7e14d5ff80d521a7038e2a59fdf5e6
Attributes
-
reg_key
2c7e14d5ff80d521a7038e2a59fdf5e6
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
0671648da5db4aec0427a367236caefc.bin
Password: infected
-
b97492dd9202f24aa31d172addc7891cf6331c0be523ca00d70f30627a2d7532.exe
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections