General

  • Target

    b8a825c21a22ae4652346ac8c9ac733a.bin

  • Size

    11KB

  • MD5

    e1dea96ffd904b02d27aee4fdf9132ce

  • SHA1

    32277473c5cec456eda913d8742ae4f6c3ecfb16

  • SHA256

    a6536c1700841a5790facc7593648a80d3db7e41b0f29082ef2adaa3f4d42c1c

  • SHA512

    35c42498bae04b004e2f6d7be9485b3ba9e3cb8c0f44601c3a40977ae675cea5186ce32dbadf0839af9cf131a207bcd74bfc71e68552eb706a054bfac26b0226

  • SSDEEP

    192:L5Tzpv+1jM/y4gXxgQQxVlgGHAmVR4GH7JQm/k5FSA1gXzv5FgWWNjtu:dTZ+dM/VgXYlgER4Gbqqk5FSA3WWdtu

Score
10/10

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

captura

C2

safeprojectbr.duckdns.org:1010

Mutex

7419d4eefff139ef331923c8857567d8

Attributes
  • reg_key

    7419d4eefff139ef331923c8857567d8

  • splitter

    |'|'|

Signatures

  • Njrat family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • b8a825c21a22ae4652346ac8c9ac733a.bin
    .zip

    Password: infected

  • fdaee92ea99d938b43ee9c1d49fc048f4af9cfd874aefa1370024f8490f70629.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744

