njrat | e5f25600b1e6483536bae239c5ff59e496fad54cd9ca1d82be94e26f27be5fa8[.]zip

General

Target

e5f25600b1e6483536bae239c5ff59e496fad54cd9ca1d82be94e26f27be5fa8.zip
Size

17KB
MD5

01f049dce79b42601b81471acb63a754
SHA1

07fef947d4373e9e0fdb2da79cfa70bc9b0e5456
SHA256

9602f83035fa0fc4f0929df8755e017ce949e4709abc1c752d47815d134de701
SHA512

f85d6c9ec985b213f9bb8f024d56a8f910cdea01dc614ec35fac7147992b59afd08e7c2b0f8028257786964e90d0867c6f447250554c5f7cfba8fdd167a31d25
SSDEEP

384:hYM/xUaWZCUeXtF9g62vmjpL0ZIIeZTPfW+lXerwyGqkNNfAIPa04NJYC:hYIxwdedyvvI320yeNNNPaRJYC

Score

10^/10

12335452 njrat

Family

njrat

Version

im523

Botnet

12335452

C2

5.tcp.eu.ngrok.io:19026:6735

Mutex

43f790e6cbf1ad7d860172b021a05925

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/e5f25600b1e6483536bae239c5ff59e496fad54cd9ca1d82be94e26f27be5fa8.exe

e5f25600b1e6483536bae239c5ff59e496fad54cd9ca1d82be94e26f27be5fa8.zip
.zip

Password: infected
e5f25600b1e6483536bae239c5ff59e496fad54cd9ca1d82be94e26f27be5fa8.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ