njrat | 7a8da24080e00b6ff3a981d91b64b1435cf45d47d28fcdffcee517f835e2fa57

General

Target

7a8da24080e00b6ff3a981d91b64b1435cf45d47d28fcdffcee517f835e2fa57
Size

16KB
MD5

f153f2f255c489e395b1f2f45a81e5e1
SHA1

cd9be59c5bb225b1966519454ef707bcf917ef76
SHA256

7a8da24080e00b6ff3a981d91b64b1435cf45d47d28fcdffcee517f835e2fa57
SHA512

c9e57691b62ce11c0bd1c5e41d41b77f7dedf6ed8da5175be033dfe02736862afc90a2206cafcd2301609b9cdbbbb7e303076d96409537e666ef9153789dba01
SSDEEP

384:VErwEt6tzskBhDLEqCfKTygSe1jXcVeqrneYxqYGobv3iGCfTvXvff:uXt6psohoqQ+yvqcwq6/YGoWGCfTv/n

Score

10^/10

vidlak njrat

Family

njrat

Version

im523

Botnet

Vidlak

C2

6.tcp.eu.ngrok.io:10673

Mutex

7060e02cbd36632b02db5368f87104e7

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fc9fb2f4383980bda918ea2ab1fa384f8ebfd5c910fffad2d2919751682b0a34.exe

7a8da24080e00b6ff3a981d91b64b1435cf45d47d28fcdffcee517f835e2fa57
.zip

Password: infected
fc9fb2f4383980bda918ea2ab1fa384f8ebfd5c910fffad2d2919751682b0a34.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ