njrat | 2016387ced33889b3ee002b9ff9f7dfcd91ae2b1358f96279488265e44bc0770

General

Target

2016387ced33889b3ee002b9ff9f7dfcd91ae2b1358f96279488265e44bc0770
Size

18KB
MD5

f16a34d67a40b66f2595de4b485b3ef8
SHA1

0af910b1733db7dbbdc2aaf0ab9442203debdc89
SHA256

2016387ced33889b3ee002b9ff9f7dfcd91ae2b1358f96279488265e44bc0770
SHA512

4f329333c4eaac8429f6732436b4a7d48c3b8a1fa370bfa49e90c91588ba84c4034721bc5858f135828169a84a4a1f658c90db2cef2b1d0274a6be5156713fb3
SSDEEP

384:EitLEhMqRI6pohxvP7o0twLy3Z6oaCAhRjoke1YD0Ev5NEFOmxcnc:FLE6YIeonP70GZ6vb8ke1YAI5iQmxcc

Score

10^/10

hacked njrat

Family

njrat

Version

im523

Botnet

HacKed

C2

4.tcp.eu.ngrok.io:10929

Mutex

39b05030c645f6e80bce801caf1f7d61

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6eea9641063b4f2e44360afc7bee1894423dc6aa92e7e497740fca1758d38c25.exe

2016387ced33889b3ee002b9ff9f7dfcd91ae2b1358f96279488265e44bc0770
.zip

Password: infected
6eea9641063b4f2e44360afc7bee1894423dc6aa92e7e497740fca1758d38c25.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ