General
-
Target
WindowsServices.exe
-
Size
72KB
-
MD5
d8659cc2d6e5e8556c7a025e5576d451
-
SHA1
8fe61d5735a082964ab584d72ffa0453a47e7c67
-
SHA256
7ae15b8241e080cb071b1f79d8d7a422d8fc5b8044e60e714220991fcd7f91bd
-
SHA512
d93ff34bf6a118c4e23e765a093ac98e90eeb9b70eabdf16c52cd7ca5b4f8d10de4721348a0635bb9c8dc7932b25b46804d82560c76249002d56ddb5e3183fc1
-
SSDEEP
1536:C/qKkTm4BoN36t4QviFw1UjLkBnvAcfLteF3nLrB9z3nFaF9bqS9vMJSQRHAFtC:C/qKkC4BoN36t4QviFCooBn/fWl9zVaL
Score
10/10
Malware Config
Extracted
Family
njrat
Version
Platinum
Botnet
Users
C2
127.0.0.1:1337
Mutex
svchost.exe
Attributes
-
reg_key
svchost.exe
-
splitter
|Ghost|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
WindowsServices.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections