General
-
Target
svchost.exe
-
Size
93KB
-
MD5
b5a92a45da656d62c03ab176a8b3c5c6
-
SHA1
120cae5967ce807f0ff09b1de69c4a1a3a6a7c0f
-
SHA256
f735bb2b509c1cf6de89478fa12372c17d602a0fcfcaa7e3bd6ffaff2f2292ea
-
SHA512
e78b6384be5b6fa56a5467050da7a9ee40e506cc4d0868d22648a441af3fe25d36d3f466f908992f5bed1d9715f1695a4659c177959f3ab9ad37ceae418324ef
-
SSDEEP
768:MBY355+EX74tXUIM5YT8/GED60m9ZX7jVXQtSNOXxrjEtCdnl2pi1Rz4Rk3EsGdm:t5+o4dT8eOvm/utFjEwzGi1dDcDKgS
Score
10/10
Malware Config
Extracted
Family
njrat
Version
0.7d
Botnet
HacKed
C2
hakim32.ddns.net:2000
147.185.221.20:50199
Mutex
0f9b350303506f18e1c5e62bc5ce8f04
Attributes
-
reg_key
0f9b350303506f18e1c5e62bc5ce8f04
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
svchost.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections