njrat | 3afb59529ffa4513006bc0439666f31bfff54d2d3de260f0f5280e1ac8cc2190[.]zip

General

Target

3afb59529ffa4513006bc0439666f31bfff54d2d3de260f0f5280e1ac8cc2190.zip
Size

16KB
MD5

e88bad1fa8afea963976c8bafcc557f9
SHA1

d2dc4daec673ca5c37df06291a009e87c713cc98
SHA256

28d1e930a39fd4c602dfad940907aea259ec2463268e935cc54bb2a3fdcc8560
SHA512

6a9916faafcd09bf6d26b3d241663b63c3d257f30ec873e828f27225380466858b4ef996293f41969e5c9e78c9a31a4fc377e953019b08d00af6721d62982ad6
SSDEEP

384:QPdKO5iqqBF0H12tgBnjI3tJhdZpTXhmkIjT/vLQwrCo:oZ55qjxgBnjitJhd/TTIL3rD

Score

10^/10

hacked njrat

Family

njrat

Version

im523

Botnet

HacKed

C2

7.tcp.eu.ngrok.io:15371

Mutex

7dbee8f2f3e9767fd1b1c74248c8262b

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3afb59529ffa4513006bc0439666f31bfff54d2d3de260f0f5280e1ac8cc2190.exe

3afb59529ffa4513006bc0439666f31bfff54d2d3de260f0f5280e1ac8cc2190.zip
.zip

Password: infected
3afb59529ffa4513006bc0439666f31bfff54d2d3de260f0f5280e1ac8cc2190.exe
.exe windows:4 windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ