General

  • Target

    DarkLoader.exe

  • Size

    53KB

  • MD5

    464f4201b6e847f3685e83503c8934af

  • SHA1

    7ce3d09cb4387a831c3073b251a70eb0771f1f17

  • SHA256

    37b738b858489999cad233e5527d50833cd7bd16b184eacc347670b98c76feff

  • SHA512

    d0681734e235b08d8d70b79cd1cac1da22196450f0e69f74749633542c559ee9f6ff85908202bd9a05ced0e1e62790a9fcb7e24802d288a58ceab39f2ed4a91f

  • SSDEEP

    768:5S7TZ38fvCv3E1cQrM+rMRa8Nu/itiHT:5uTZsHCv3Ear+gRJNU5

Score
10/10

Malware Config

Extracted

  • Family

    njrat

  • Version

    im523

  • Botnet

    HacKed

  • C2

    2.tcp.eu.ngrok.io:10092

  • Mutex

    adf4d2e3ce93b6a85f5bba50f2082510

Attributes
  • reg_key

    adf4d2e3ce93b6a85f5bba50f2082510

  • splitter

    |'|'|

Signatures

  • Njrat family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • DarkLoader.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

