njrat | 4d69b6e0a0d60d320d68185884dc6d0170cb580e3d1a789b5d844e020496d00c[.]zip

General

Target

4d69b6e0a0d60d320d68185884dc6d0170cb580e3d1a789b5d844e020496d00c.zip
Size

34KB
MD5

f80750bc420aaf9540a36597dd7a27e1
SHA1

dc37cf0eebf9c034bbf568ab3d20b89fe14c81d2
SHA256

5e37860bbb3523d6850e18f3350ab8edcc9e5471814ba683fc7567a6b2c9c893
SHA512

eea125af1bbdea9da06c794870e553fb3163c6b2f5e8494741347788b9c4e06f57236246ca9f8bc214211bf83920aa8596639ba69e6b6a0b1dc1103896903bbd
SSDEEP

768:ZwM+M/fcN0Vjrun0rvXMg9lt3od6JZCIOf7ihTIjoPQnbgYqX4:iM+EUN0BuneXMelt3Puxf2hskPGgYqX4

Score

10^/10

hacked njrat

Family

njrat

Version

0.7d

Botnet

HacKed

C2

hakim32.ddns.net:2000

212.90.36.66:5552

Mutex

104a6afa6ac1864500ecb2e264b1a281

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/4d69b6e0a0d60d320d68185884dc6d0170cb580e3d1a789b5d844e020496d00c.exe

4d69b6e0a0d60d320d68185884dc6d0170cb580e3d1a789b5d844e020496d00c.zip
.zip

Password: infected
4d69b6e0a0d60d320d68185884dc6d0170cb580e3d1a789b5d844e020496d00c.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ