General

  • Target

    0f3be175aa7ae9d636bc50687e697357_JaffaCakes118

  • Size

    10KB

  • MD5

    0f3be175aa7ae9d636bc50687e697357

  • SHA1

    31b9099c6c0fbbe509103b8194d4c19f89bfd3aa

  • SHA256

    a6a98e011ec777596c5085902810dfedef0f1afa157c112795258dab56de0940

  • SHA512

    20b0ba605c0456b3a80ed5ef815668dad3e0d8224420110907418040d48802f4deebfd03efcffb071c1a0926595d273a71f9c94fe1e63cecad66578db65652a2

  • SSDEEP

    192:lSNpGbhG7O9kdHe2e4///OJZAx4A714XNe2ZHlhTCkN+LvmeO4qgemg:I4sqIHx9/0ZAx4A7CRZHf/Irij

Score
10/10

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

Pwned

C2

host315.ddns.net:9922

Mutex

1b6ca0ec95b6c35b2a743fc3c0b2c0db

Attributes
  • reg_key

    1b6ca0ec95b6c35b2a743fc3c0b2c0db

  • splitter

    |'|'|

Signatures

  • Njrat family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 0f3be175aa7ae9d636bc50687e697357_JaffaCakes118
    .rar
  • fotos_motel.bat
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

