njrat | 9870102055043d889fcd59201fd8825be6754378f93d3fadcd883783d2a71956

General

Target

9870102055043d889fcd59201fd8825be6754378f93d3fadcd883783d2a71956
Size

34KB
MD5

686300db909689cb9eee92895f722f08
SHA1

1469ce0c609c266ab6bff8289d0d2c5f066fbf9a
SHA256

9870102055043d889fcd59201fd8825be6754378f93d3fadcd883783d2a71956
SHA512

646943c438c9e2ebfe8817df6e46a09b2a30eabc9070a6a7980af4544c27a655550317d4537846ee1fceeace95ce6b214c2d9dbe54cd74641f074bdf9b5cc731
SSDEEP

768:Pgz4uJSQF6iCaqFcGiD74NEiAPWBNywoc9sHTLFs56BcPJpe:Po4uwk76EJPWHybcW/7Eo

Score

10^/10

bb njrat

Family

njrat

Version

0.7d

Botnet

bb

C2

hakim32.ddns.net:2000

0.tcp.eu.ngrok.io:17888

Mutex

c86be61709b6b7df256fc75cd3352159

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9cbd2b339ef291aa366f995257c568f2c9b17fc456cf1e5fe099fd7761992ef7.exe

9870102055043d889fcd59201fd8825be6754378f93d3fadcd883783d2a71956
.zip

Password: infected
9cbd2b339ef291aa366f995257c568f2c9b17fc456cf1e5fe099fd7761992ef7.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ