njrat | c28ab8e6344993ec8adc16f5f6ac61ed1783a17770260d91230ce8eb19cddfd6

General

Target

c28ab8e6344993ec8adc16f5f6ac61ed1783a17770260d91230ce8eb19cddfd6
Size

11KB
MD5

5e1a008ff62869f520f0c9c437e6ac3e
SHA1

751613d07b535c446970796eb9361922fc7fc630
SHA256

c28ab8e6344993ec8adc16f5f6ac61ed1783a17770260d91230ce8eb19cddfd6
SHA512

30e7a175e9d7e6d59784a70bde5bf647c8474b8f5cf8855e561711058df964dbe60f9f1da23be3806b14e8555e1b102b8e4b7b2e45810f9e7a629902c2fb1d97
SSDEEP

192:vJNPf+Y5YnsIhLS8hWlsVhmA2gNHzZtZWnmiHYMw6NP9t8iEFRf7n2:vJ1mBsgbVhmA2gFzTQmi4B4f8iYD2

Score

10^/10

paulo2 njrat

Family

njrat

Version

0.7d

Botnet

paulo2

C2

swuhH3-22324.portmap.host:22324

Mutex

8ee321980d6be66417cfa18e5070498f

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cdb2580b515e92d91c18ba0cf1e5c8f0db6de62a2edd83f070da7abdeeccdc80.exe

c28ab8e6344993ec8adc16f5f6ac61ed1783a17770260d91230ce8eb19cddfd6
.zip

Password: infected
cdb2580b515e92d91c18ba0cf1e5c8f0db6de62a2edd83f070da7abdeeccdc80.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ