General
-
Target
x4zhwTM1H3sR.exe
-
Size
23KB
-
MD5
84c28541e9f2bdd1d7b5d3858c319972
-
SHA1
e5c20d707d6bfa47e312cde5d5e0917713efe56f
-
SHA256
c21e2b22c173da1dc5886e436fc79aa8b7378d32a4575feb828d91002875d441
-
SHA512
5c3ad1c8e299f0283fdbf2deb20d0d3d0d57836f3fe558bd553fd058782c6268d8719931c36629826f2b07d392184e2e787cb9296fb18575b01725fdd89ef0bf
-
SSDEEP
384:DnsqCm6yocx/Yp7jemiO0nd08/VQ6bgNQC5h7tmRvR6JZlbw8hqIusZzZqz:D8SoQA6mlcrRpcnub
Score
10/10
Malware Config
Extracted
Family
njrat
Version
0.7d
Botnet
Lammer
C2
microsoft-virtualpc.duckdns.org:1177
Mutex
a22f01d30c37339e652f2f834002ccfc
Attributes
-
reg_key
a22f01d30c37339e652f2f834002ccfc
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
x4zhwTM1H3sR.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections