njrat | ea4f73e1f2cbf1495c6ac0c61113ad0ff6f04ab43b03c570feb9570f6a9e7d83

General

Target

ea4f73e1f2cbf1495c6ac0c61113ad0ff6f04ab43b03c570feb9570f6a9e7d83
Size

12KB
MD5

24804f63246b91ce5df3831136b2de3b
SHA1

e144a59cf80dc4ea54c700eee8020a37e11211d0
SHA256

ea4f73e1f2cbf1495c6ac0c61113ad0ff6f04ab43b03c570feb9570f6a9e7d83
SHA512

97829f1fcdfa52ef49863833b4e9434408005b1453c08ca25c9aa3a664272b2539bfbd53327a9c37394d26e2e3805412815b735b2a1f6124c4b3df63b9eea3a9
SSDEEP

192:eR2XW4iVt03426RJyzcxetghbjvXPjWmlryv+t6NJNKDENwvBETjg:0Tt52UJyzcQChHX7WJ26HNKAPg

Score

10^/10

Family

njrat

Version

v2.0

Botnet

2525252525252525

C2

2525.libya2020.com.ly:2525

Mutex

Windows

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/6bd762c59e48a2fd605e2217780e3f9d00a011330b408802bbdeaa2066c632aa

ea4f73e1f2cbf1495c6ac0c61113ad0ff6f04ab43b03c570feb9570f6a9e7d83
.zip

Password: infected
6bd762c59e48a2fd605e2217780e3f9d00a011330b408802bbdeaa2066c632aa
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ