njrat | 32e6b362127592ee9e49750e252cb6b3df75c499cefb2045ae05b7f2e76db2e2

General

Target

32e6b362127592ee9e49750e252cb6b3df75c499cefb2045ae05b7f2e76db2e2
Size

16KB
MD5

4bdccbe4a2885528550e069a0920d91a
SHA1

998c72d4573528a261dac8cb747c378c630951e7
SHA256

32e6b362127592ee9e49750e252cb6b3df75c499cefb2045ae05b7f2e76db2e2
SHA512

448226f1e21f3d28ef09679f257377bbf37eeb330c39753a45945df866efcb44417684f4af4f559598cb8b18fe38d0f5a2f2d772f03078b57ae92160b77c13d8
SSDEEP

384:RE4xIYacHy5VhucazvxtntrlSfq670tmzDa8wj6n:exwH+V0caztKh1kjy

Score

10^/10

hacked njrat

Family

njrat

Version

im523

Botnet

HacKed

C2

2.tcp.eu.ngrok.io:19483

Mutex

68d7771434a71722449c404baa3e5b31

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/8d1bfbe0d300231cf7892a9be51258a77f52a85eac045cb42a64b357702c0c5f.exe

32e6b362127592ee9e49750e252cb6b3df75c499cefb2045ae05b7f2e76db2e2
.zip

Password: infected
8d1bfbe0d300231cf7892a9be51258a77f52a85eac045cb42a64b357702c0c5f.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ