General

  • Target

    startup.exe

  • Size

    93KB

  • MD5

    56136d844535b62d144f7a5681286e9e

  • SHA1

    2f3f4f9a1626e8fbc5126bea62a044eefcad83f0

  • SHA256

    70ab831f903d0fb56d7c2a689592a495063d3f6c07d167275b9569f1bb894760

  • SHA512

    9cbc927c0917d27f8bbe4c0d02349399f5c44db6176ac22d7857dfa68a5b5e6cc86750d42524484547fefd6663633bf26f6525b2efd8cdd90e424e54c484b19b

  • SSDEEP

    768:tY3zitD9O/pBcxYsbae6GIXb9pDXQzVMBwXCmXxrjEtCdnl2pi1Rz4Rk3xsGd0E3:QinOx6baIa9RtytjEwzGi1dDBKEgS

Score
10/10

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

dock

C2

hakim32.ddns.net:2000

pool-tournaments.gl.at.ply.gg:7445

Mutex

f1131a682275158f890d0e173fc26677

Attributes
  • reg_key

    f1131a682275158f890d0e173fc26677

  • splitter

    |'|'|

Signatures

  • Njrat family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • startup.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

