Behavioral task
behavioral1
Sample
2040-63-0x0000000000400000-0x000000000040E000-memory.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
2040-63-0x0000000000400000-0x000000000040E000-memory.exe
Resource
win10v2004-20220414-en
General
-
Target
2040-63-0x0000000000400000-0x000000000040E000-memory.dmp
-
Size
56KB
-
MD5
5c1e9c6092f85487c0f8c939a0961eae
-
SHA1
f8b2a354431a718b9c97195cf734a6b6a5996d24
-
SHA256
fe1b713503030882ffaab34859635c1b20e8b637d2afbc50c1dcda29c900b1bd
-
SHA512
ea980276ec3def0f5d7d3a9c3784f512e967c716f537887107ea62573a414b00730ce3cbc96185344bf3cbb4351c99d8ac1c06eb69b76c1826ddf17d01109a10
-
SSDEEP
384:BLF7+aLz+oYDCBcbQMC0PbNBJMFAQk93vmhm7UMKmIEecKdbXTzm9bVhcay68r6s:h5+waIWsFA/vMHTi9bD
Malware Config
Extracted
njrat
v2.0
HacKed
104.243.35.208:4004
Windows
-
reg_key
Windows
-
splitter
|-F-|
Signatures
-
Njrat family
Files
-
2040-63-0x0000000000400000-0x000000000040E000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ