General

  • Target

    333ef8b5d7f648a3d3cbf8866e6f10352d99d79f5d40e70badd973cfec08b2ce.zip

  • Size

    20KB

  • MD5

    df42450c8b83573207a5fbb800f57e06

  • SHA1

    d28ade74fe2c76e32389f101dc6a768a261b04b7

  • SHA256

    333ef8b5d7f648a3d3cbf8866e6f10352d99d79f5d40e70badd973cfec08b2ce

  • SHA512

    4806a4c83c94db4172872b8b242baf28848cf52b4932146ca9c614f1ef161a35af50db109191107eaa746f05f5a07fe9ec21a22244fb72e280cd421c117bb91c

  • SSDEEP

    384:DQKoJT2ahAMFUO3kZPVBHZaqNRMefPjZc78YyONBGAK8We:DQTV2ahYOUZVB5WUjZvYyyBXx

Score
10/10

Malware Config

Signatures

  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Njrat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 333ef8b5d7f648a3d3cbf8866e6f10352d99d79f5d40e70badd973cfec08b2ce.zip
    .zip

    Password: infected

  • 91861078428f6a75b48234afabc50176c5fa013949cd6f5910ed619ba0f6c103.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa

