njrat | 233542a5a45357568fc6cd9d4559362afcefa19291617e0995a195586f4bd2f8

General

Target

233542a5a45357568fc6cd9d4559362afcefa19291617e0995a195586f4bd2f8
Size

16KB
MD5

806576467b51c792f7a5e0b3b03dda38
SHA1

d259459ddb4fdeef98599644b67b81782154075d
SHA256

233542a5a45357568fc6cd9d4559362afcefa19291617e0995a195586f4bd2f8
SHA512

05246bd0e98ec0fd5e0f0c36edec878fabfd8480d9153966d6f29650df7c8baf01164e1e5e20e34cb1bd38ec90afca96eb53df315561c34c83971138ddf0be19
SSDEEP

384:Oq26/zPZuj5+lFV086o4hODRYoftWUD9bK9jnL+hwHLZWPoF9Prfagoz:Oq17PYj5+lFGdhQ3RuL+hwHL3M3z

Score

10^/10

hacked njrat

Family

njrat

Version

im523

Botnet

HacKed

C2

5.tcp.eu.ngrok.io:11024

Mutex

886e4e6cf55be20a7d674097273f111d

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6f3d6bf9ee09bd4cd6af117cca33965c33b99a7380d8de14450b7d4a3cd499b8.exe

233542a5a45357568fc6cd9d4559362afcefa19291617e0995a195586f4bd2f8
.zip

Password: infected
6f3d6bf9ee09bd4cd6af117cca33965c33b99a7380d8de14450b7d4a3cd499b8.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ