General
-
Target
Payload.exe
-
Size
71KB
-
MD5
07a53cd66caab574be6e58cb30a22f76
-
SHA1
8c754f7b43e071c044ea0abcc04beee017063362
-
SHA256
0cb70020567baea20c6c080afcfb4e93f249097294e8f522066bca447f0442dd
-
SHA512
4ca3206da7b5e2dec47591e0b1044527631dca8c196e825c96da44a3decab113759921fff31912838814139db36ee9c72457a28c3291e6e1f1e234b673a8ffca
-
SSDEEP
1536:jeFWP5yu4oxSkq8nUTbZf2F0iZ+c9OIftkgxT04GNrztiBVXiKMt9PMrDmaF9bXf:jAHbBIffT04xX/q9PxaF9bX
Score
10/10
Malware Config
Extracted
Family
njrat
Version
Platinum
Botnet
Victim
C2
http://burhanalassad.site/BURHAN-ALASSAD:81
Mutex
svchost.exe
Attributes
-
reg_key
svchost.exe
-
splitter
|Ghost|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
Payload.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections