njrat | c48d4494ce9619e7812b2c156cebebf3c70ce3e81e092b54d9f407a56725ff32

General

Target

c48d4494ce9619e7812b2c156cebebf3c70ce3e81e092b54d9f407a56725ff32
Size

11KB
MD5

a269dc0b9b8144e1f0b4023f256c6e76
SHA1

47dd664f57c1c4b0c869159c23095bf5d6e27edd
SHA256

c48d4494ce9619e7812b2c156cebebf3c70ce3e81e092b54d9f407a56725ff32
SHA512

49adf84d8bea8de481190c446a48d9676bfde8d85ebb4a26ed51425162c490cfdce2e04e8360334a104fc17da20eeeb7748a2321b72780bfeba8f76392c29904
SSDEEP

192:qvR7lpHi524tv85Wx8vOfO9yyNsgtunM0a9iLQ17opmTAd5Z6+AU0nLGmv8/PTBy:qb1a5vmvO29y2tunM0mg+opm0d5ZxAUY

Score

10^/10

Family

njrat

Version

0.7d

Botnet

engeTelegYTB

C2

0.tcp.sa.ngrok.io:12232

Mutex

449a837c935b52c7fa6cc6134a3b6051

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a1ca26e5e4fa40fdb92cad8461c2e960211dce0ced2407ab775c80bf155c112b.exe

c48d4494ce9619e7812b2c156cebebf3c70ce3e81e092b54d9f407a56725ff32
.zip

Password: infected
a1ca26e5e4fa40fdb92cad8461c2e960211dce0ced2407ab775c80bf155c112b.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ