njrat | d16ff40c993f356fb92940a67a7e8dbc047477171721850bd02b2fcd03bc272d

General

Target

d16ff40c993f356fb92940a67a7e8dbc047477171721850bd02b2fcd03bc272d
Size

16KB
MD5

6a120c58ac934afe611236a8d062cc0c
SHA1

e0a9d77524d2310f9598df98973c7ff1cc20ca4e
SHA256

d16ff40c993f356fb92940a67a7e8dbc047477171721850bd02b2fcd03bc272d
SHA512

f47bdc16b4c5b2c41d39955bbac6af8ecab7d70f76a76adc048039ffd54a8f00a11bea5946085a0ff8c06a3c0034de2390a504d89ce521cb85767c3ea174f937
SSDEEP

384:jzU2qoHEhBh+PaOfNNPLvEmsqeM1Vzs23G8ihriBwPunIPL/hoLSv:jg2qCE75ObPQ9QVzb28miBwEIPL/h9

Score

10^/10

hacked njrat

Family

njrat

Version

im523

Botnet

HacKed

C2

7.tcp.eu.ngrok.io:15966

Mutex

6e73430ec30ccb425726caf9fe81f553

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c7b4072d1237617b13a7613c46e5a4b63bd8e09b7c9eba9409133fdd0aee7b10.exe

d16ff40c993f356fb92940a67a7e8dbc047477171721850bd02b2fcd03bc272d
.zip

Password: infected
c7b4072d1237617b13a7613c46e5a4b63bd8e09b7c9eba9409133fdd0aee7b10.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ