General
-
Target
3fded8b6f5d9d5a5fae86f9674ea866a.bin
-
Size
34KB
-
MD5
aba6a7f1f91bd61be561ce76f2f9df86
-
SHA1
e6f58ab523959abb78e606fb5e94ffdd06b6c4f7
-
SHA256
c7f283ae13c0863e2573e9ac6b9bf0f9b0b9959f423ba19b31fd3b835c694f9d
-
SHA512
364acd4d01d11ff0ce28dceca826accf593aa5486dfc7041a0e2c0c97a4d101a9ca0f7f851db250063bdde71a1ddf2d0bfb514909a35e0fc51b5fded2abc25bd
-
SSDEEP
768:1KNX0A05bMYdGFC1Xs44NpVpZHzdg9UvWPFAaJf3o0+upuB2RV4+2H:1KNXwdG2HQpHpg9eaFAUfuouoV6H
Score
10/10
Malware Config
Extracted
Family
njrat
Version
0.7d
Botnet
HacKed
C2
hakim32.ddns.net:2000
2.tcp.eu.ngrok.io:13659
Mutex
d6bc671dd3b3f7e48ec555afe62c35c7
Attributes
-
reg_key
d6bc671dd3b3f7e48ec555afe62c35c7
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
3fded8b6f5d9d5a5fae86f9674ea866a.bin
Password: infected
-
1179db3cb1329d70adbc2ef437d45fab1ded8b5612c6f97b15dc05c7ee6e40a8.exe
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections