njrat | 791a4175efeb80014ae7a728dedba39e9b32eb213668786bf7cb143971408170

General

Target

791a4175efeb80014ae7a728dedba39e9b32eb213668786bf7cb143971408170
Size

16KB
MD5

905f2ebbb68d3b9a26b25865dcd8df1b
SHA1

80a392537495b48e8084dea74250e6603e2d45f5
SHA256

791a4175efeb80014ae7a728dedba39e9b32eb213668786bf7cb143971408170
SHA512

3198a668410a6054c53cc36c29ebf0351846720c8c5ac3e58de579474527b5bf99d10f33958ec6c298c76379e6a37da30df6bd077d03f8b66babff261af4e3e5
SSDEEP

384:x1FKN7jBCufsvVhqYjb3efF4OSUfwRbek0a8BdXQRusvKh4dk:x1FKN7jBC2svVLj7mxSGMl8BFQbvK2k

Score

10^/10

hacked njrat

Family

njrat

Version

im523

Botnet

HacKed

C2

0.tcp.eu.ngrok.io:15574

Mutex

3af7f2b1f33dad1da92e7f8ffbbc0386

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/db36cafda963b6464923356faf6e9ae1b953b2a85dcfd7c372c925407f1c21a5.exe

791a4175efeb80014ae7a728dedba39e9b32eb213668786bf7cb143971408170
.zip

Password: infected
db36cafda963b6464923356faf6e9ae1b953b2a85dcfd7c372c925407f1c21a5.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ