General
-
Target
wscript.exe
-
Size
93KB
-
MD5
50af5e7d5d665f6e9cca447af7e8b1e5
-
SHA1
8cde307749103cf895cd8c2d87a8a73aa1017fa8
-
SHA256
c7cc2d0b72eba9ef36f0ec9ad721b8a9e0dbaacb9121ccbead85b9751eb6f45b
-
SHA512
abdcb709f2c1c7e951b9f4a61b0766db965376476043fba7c8f182740ece3e2be6ca2e7a66e09c1327274af2f507fb2cf3f5e39b2b80619f5aa33b8fb28117e2
-
SSDEEP
768:QY3CUfhWXxyFcxovUKUJuROprXtWNEpeYhYbmXxrjEtCdnl2pi1Rz4Rk3lsGdpc3:KU5WhIUKcuOJRpPhBjEwzGi1dD1DcgS
Score
10/10
Malware Config
Extracted
Family
njrat
Version
0.7d
Botnet
HacKed
C2
hakim32.ddns.net:2000
wscript.ddns.net:5552
Mutex
7cf4c2536f30115b1e3e9ebf8675233a
Attributes
-
reg_key
7cf4c2536f30115b1e3e9ebf8675233a
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
wscript.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections