njrat | 7d830ebb0a9aa4b17c5a471633e1b354bdefd35e5297716c5ecefbc6cd4b4982

General

Target

7d830ebb0a9aa4b17c5a471633e1b354bdefd35e5297716c5ecefbc6cd4b4982
Size

11KB
MD5

c236a4fd6d87460e1f403745197dfeba
SHA1

1a9e1ae0d984322beac720368a6cc86e15841085
SHA256

7d830ebb0a9aa4b17c5a471633e1b354bdefd35e5297716c5ecefbc6cd4b4982
SHA512

9c25d7125ebaa11f23a54dff7f85bb112d2f7a24f48124ae78ece9bd609f9394f54afb6a7de107073624c11dac313382e3be2014c5bb661ab1ee6981fe684edc
SSDEEP

192:9Jp6vFCn6mJWLdv2qZwvHi8zNgl5n8AZ+eY+Ev+Mx7qNZUJwLd7Lzs3HI:9JpWNm0LoSei8zNmB1VYZvnxwhd7H4HI

Score

10^/10

Family

njrat

Version

0.7d

Botnet

Hacked by JmRh

C2

0.tcp.eu.ngrok.io:15422

Mutex

255adf5996e3bf23b41adff1252970bf

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/4a5fdda9ee07e884e1d89612b56a932acb9c812b72cccacde885da0f9b4eab31.exe

7d830ebb0a9aa4b17c5a471633e1b354bdefd35e5297716c5ecefbc6cd4b4982
.zip

Password: infected
4a5fdda9ee07e884e1d89612b56a932acb9c812b72cccacde885da0f9b4eab31.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ