General

  • Target

    vpn.exe

  • Size

    37KB

  • MD5

    093e932e2c731430712e88dc48ea5af1

  • SHA1

    2a6d0d2aa4465aa8b9f7c4cdb65405e171f75f56

  • SHA256

    1aa39833633eed6a92dee89511c52f6b268466a99d9a75df174ad4b96e69388f

  • SHA512

    9ea258179a6d94af5bb17bda4579d3136b4ce541139f773386684f9f16b07966b32fee15d9ec8bbe191f10d54f24425e96301a1cb85623343eac04a87998d33b

  • SSDEEP

    384:9apMiL3BndznNCyMGmjuu3HLcWYThhrAF+rMRTyN/0L+EcoinblneHQM3epzXIvM:0pRNRMGmjbbdY9hrM+rMRa8NuGvkt

Score
10/10

Malware Config

Extracted

  • Family

    njrat

  • Version

    im523

  • Botnet

    farted

  • C2

    5.tcp.eu.ngrok.io:13677:5552

  • Mutex

    31ff3a1a3add41e656b25050dfc01b68

Attributes
  • reg_key

    31ff3a1a3add41e656b25050dfc01b68

  • splitter

    |'|'|

Signatures

  • Njrat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • vpn.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

