General
-
Target
XWore.exe
-
Size
30KB
-
MD5
3fe54bfffc7a2c8b2b110353db4339c1
-
SHA1
c1efe869ea6915046b6f35bcee7e933a0cdeaed4
-
SHA256
3ff76fecfadb44a659b996e2eea12c51449e2c91fe318dc68078203c102d601a
-
SHA512
d871c30b2bbb85e41be8fc4a243c9cab10d686dfd99043032a5a1a51c082b5a0287687188df75b0a778a7effe70b423dc3c3087bae25231c7c55327af17d8741
-
SSDEEP
768:2rhO5b13hdwzxLy3os0O/dMRvCnQmIDUu0ti3nCj:IcZ6eh6gQVkzj
Score
10/10
Malware Config
Extracted
Family
njrat
Version
0.7d
Botnet
MyBot
C2
121.185.6.149:6667
Mutex
3835569585b779d1906a0dacea0d2ff0
Attributes
-
reg_key
3835569585b779d1906a0dacea0d2ff0
-
splitter
Y262SUCZ4UJJ
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
XWore.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections