General
-
Target
aa91557978aa60bc7bf9d84471e119d4.bin
-
Size
17KB
-
MD5
1b8dedacc34bdc71309b3fbda080c6b6
-
SHA1
1b2f274b51d7afd7738851f2f8ec62010f180d36
-
SHA256
6de399b632caedd1aed6d17b08c0151cb0808f5d3fc56da7b11cf239ce2d17b3
-
SHA512
e42477268e72f3d0451ebbbcacd89a1e5a429f89eefa2497f3084a6f382cc38750032933963b406b517ec1da8ab045cf48548555fa30cc75e72c748c27f0a22b
-
SSDEEP
384:yrvFGHEsnqTkeSMr+5OYocrDdsQkMjr7AJ2X8Y4JWRyAN1bBRgW6QYp:2vgMvSMrZErDdsQH7A68Y4ARyAnlSd
Score
10/10
Malware Config
Extracted
Family
njrat
Version
Njrat 0.7 Golden By Hassan Amiri
Botnet
HacKed
C2
4.tcp.eu.ngrok.io:11176
Mutex
Windows Update
Attributes
-
reg_key
Windows Update
-
splitter
|Hassan|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
aa91557978aa60bc7bf9d84471e119d4.bin
Password: infected
-
557f48ca00803c41434f3e01286839df2c69253244b5e67bd16b02c260a4a28d.exe
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections