General

  • Target

    urok-23.7z

  • Size

    151KB

  • MD5

    88422b0dabfd7cf1eab40a493af8e013

  • SHA1

    5273adec493715b8b8a8e8113c5ad174d86b059e

  • SHA256

    a4fcf96be14346d61aebe77fb59517a0bc94d26b2d2dacc133de275d8b848c3a

  • SHA512

    fed4dec3804a6af3ae5cc65a9b7067542fb3c962942c2b6ad3227369bfbf81300558c9d4866e8f464c1df42bce1932c5cc85c62aa4c102f2c91db9e251f5a46a

  • SSDEEP

    3072:+4zd+OYfmE0ixRsoNwoJBbwghUDvIn/RBZ3BKp1/q9YrU/03hK1oMO+EXcK:+ggOABHxRTxhR/rup1/ihCKBK

Score
10/10

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

POS4

Mutex

1402490874af6916a7bfdac6310f1cc9

Attributes
  • reg_key

    1402490874af6916a7bfdac6310f1cc9

  • splitter

    |'|'|

Signatures

  • Njrat family
  • Unsigned PE (2 IoCs)

    Checks for missing Authenticode signature.

Files

  • urok-23.7z
    .7z .zip polyglot

    Password: 123

  • sample1.zip
    .zip

    Password: infected

  • file
    .exe windows:5 windows x86 arch:x86

    Password: 123

    b4c9459984428e82188c5cc6c1f86aba


  • sample2.zip
    .zip

    Password: infected

  • Server.bin
    .exe windows:4 windows x86 arch:x86

    Password: 123

    f34d5f2d4577ed6d9ceec516c1f5a744

