General
-
Target
WMI PERFORMANCE REVERSE ADAPTER.bin.zip
-
Size
11KB
-
MD5
191c6db6bd3d0b50a1c152021a831f30
-
SHA1
9887f92882a63f3f2be3a81c35b1ee362b78ed59
-
SHA256
5fc3df959501137fb940263efac26efb09104fb1321294ffcba0419425b7dcf4
-
SHA512
3167c93b2287997b32be01d9771dba0b82e5371d6b20958e16d58b3fae1dcb2d6ec0fdb39271d23c79f417a78e3102d3a1be359282a3c91e6eaae0314db6b825
-
SSDEEP
192:iUXMQgNZykR5umhfiAQwh9Lu3NNutccInXfGoZNNncouZiG1c4X2SBGC8pmbgUU6:j8Xj5umNLttue2n3hn5AJX2SBcP6
Score
10/10
Malware Config
Extracted
Family
njrat
Version
Carbonblack2102
Botnet
batvoi
C2
1368.vnh.wtf:5552
Mutex
0de45b5c6627a3e65a4b2a1e68ec841b
Attributes
-
reg_key
0de45b5c6627a3e65a4b2a1e68ec841b
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
WMI PERFORMANCE REVERSE ADAPTER.bin.zip
Password: infected
-
WMI PERFORMANCE REVERSE ADAPTER.bin
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections