General

  • Target

    thismalwaresampleisverynasty.zip

  • Size

    30KB

  • MD5

    2796b0c3b7b9e89da936dcdd5b82044a

  • SHA1

    3fe69eca7c791bad0c0efce092b8dfee61726d92

  • SHA256

    6eaa027edff4ad0f291eb3b3f10c7195c74baca318e76be0cbf99e04d7c5e149

  • SHA512

    74c663cd0d8feb39ad3fa2ef64dba2fb42a51d7a19b7f1792c28427676b6d811f8ad8845b9e58627272d9aa067ca1c7bd90e473d2ff59c6aa32941d7472abd63

  • SSDEEP

    768:1leukZ33ZyFoXfokoh9wWb0kl5aXW8YFWQ0t0MYZ:TnSZhQkK9w+5eYbvZZ

Score
10/10

Malware Config

Extracted

  • Family

    njrat

  • Version

    im523

  • Botnet

    HacKed

  • C2

    8.tcp.ngrok.io:10489

  • Mutex

    d7fee67e410cfbc876590bf5c06c5f19

Attributes
  • reg_key

    d7fee67e410cfbc876590bf5c06c5f19

  • splitter

    |'|'|

Signatures

  • Njrat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • thismalwaresampleisverynasty.zip
    .zip

    Password: infected

  • d59c7ccf805724c5a8704e0ed9e457bfe33b61e150d646c1da2703e30c22da9e.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

