General
-
Target
Server.exe
-
Size
93KB
-
MD5
3f3ae3a450723c80b1aaff419e0d1369
-
SHA1
bb3e89cde4dd9d29a688b25a0002163540555b6d
-
SHA256
8d4c9b97cae0f3c35ab9a5ffa7f1ab45f7c304fb0d7c517828fed0c2048f6d4a
-
SHA512
81cfe00bfb7ff567b66747937c37ee846ae8a672dd3be573b013bc431c2d7d9602f7c02f568a3c996cefc2f86ca9597bc64e9f615b3ef7aae45360e3d15f6aab
-
SSDEEP
768:QY33lgSRmnldjcRoMwrx7Y+DIkIITJbXX0pOt8ux82SXxrjEtCdnl2pi1Rz4Rk33:PlTmlbrq+1NTZ0OMjEwzGi1dDzDXgS
Score
10/10
Malware Config
Extracted
Family
njrat
Version
0.7d
Botnet
loh
C2
hakim32.ddns.net:2000
6.tcp.eu.ngrok.io:11237
Mutex
9a1d999f2150f6d33406593daec54346
Attributes
-
reg_key
9a1d999f2150f6d33406593daec54346
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
Server.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections