General

  • Target

    6bd1372d068d74df34cfc437092d0da6dcf12f0ed4671a7f84e05f83be4e5a7d.exe

  • Size

    32KB

  • MD5

    9ff6bfc9fa02ed95328e7aed5443eba3

  • SHA1

    d66027c93e3f9f4bd05c64ea0ce0fbdeb8abad42

  • SHA256

    6bd1372d068d74df34cfc437092d0da6dcf12f0ed4671a7f84e05f83be4e5a7d

  • SHA512

    b6a64f785e37e75c6f5f8d7dcc8770381e7ff8cd8f511c7e0b0ef0cc7a7bdeced876bf9fe5b3df06e0d36a1172cf957dfff404486795bf7729cc99349b57539a

  • SSDEEP

    384:k0bUe5XB4e0X+OJ4w0Q0mS03lWTwtTUFQqzFwObbg:hT9BudH55zibg

Score
10/10

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

Server1

C2

booksports64.linkpc.net:1414

Mutex

92a2bf11308046ea919

Attributes
  • reg_key

    92a2bf11308046ea919

  • splitter

    @!#&^%$

Signatures

  • Njrat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 6bd1372d068d74df34cfc437092d0da6dcf12f0ed4671a7f84e05f83be4e5a7d.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

