General

  • Target

    882c93ae598405b86eb8e8029613030dd50fc88f80984e0a43304851c1689755

  • Size

    10KB

  • MD5

    aafc2b17c34a1e7ccaa04f5800c1cc98

  • SHA1

    b63605628fe3a3473de814fc188524c370674535

  • SHA256

    882c93ae598405b86eb8e8029613030dd50fc88f80984e0a43304851c1689755

  • SHA512

    20b995191f3de7d5f9398cb0cc74a11a1a4592776579bb9b10992ae00a212ba10e0778212bdac2002777edf8b34740d0af023cf0ced36717c607b3bdb9044d62

  • SSDEEP

    192:KkKgxIEIJz4XwD4FwZB/RoApDCl6q5VqdsWzEPeQ:KREcMg9B5oApul5VqXIeQ

Score
10/10

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

promesasalvaro1.duckdns.org:5553

Mutex

b18c5b4032c046e

Attributes
  • reg_key

    b18c5b4032c046e

  • splitter

    @!#&^%$

Signatures

  • Njrat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 882c93ae598405b86eb8e8029613030dd50fc88f80984e0a43304851c1689755
    .zip

    Password: infected

  • 323b929dfecc1ad83c951e2ade801749abeebca666e77ec11672930a6e44d4d6.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

