njrat | ffacf02a1213ea3f97a4464512b619ab2a967878bbddedee3852fb76f8b799b8

General

Target

ffacf02a1213ea3f97a4464512b619ab2a967878bbddedee3852fb76f8b799b8
Size

12KB
MD5

847a0a25257eea52eb06051e6ccc5846
SHA1

3fb265f66e92358de83f86f779c85e3a8908f566
SHA256

ffacf02a1213ea3f97a4464512b619ab2a967878bbddedee3852fb76f8b799b8
SHA512

d7e2eb4bf492a858a137e1494c10ee5b70076555b6766f82efb744d700f96faa4f2e09291a87136a6682406ad16d725d506449d1b7db46fdfa3a904550ac0eeb
SSDEEP

384:n+n2142naB0QFLG84g94n/QQcP2JZfopXoIKY3GvY:+214ZTq8444/QXFptKY3UY

Score

10^/10

Family

njrat

Version

v2.0

Botnet

FRANK NEW HACK

C2

functions-stud.gl.at.ply.gg:1445

Mutex

Windows

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/af2d5ae5ed7a72a3fa6a36cda93e163b84d8ad70a78afb08bcd1afa63d54f61e.exe

ffacf02a1213ea3f97a4464512b619ab2a967878bbddedee3852fb76f8b799b8
.zip

Password: infected
af2d5ae5ed7a72a3fa6a36cda93e163b84d8ad70a78afb08bcd1afa63d54f61e.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ