Behavioral task
behavioral1
Sample
13fad25d5b28e40800b274126f0156fd556053dfd5da26372332d1d423ad513a.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
13fad25d5b28e40800b274126f0156fd556053dfd5da26372332d1d423ad513a.exe
Resource
win10v2004-20220414-en
General
Target
13fad25d5b28e40800b274126f0156fd556053dfd5da26372332d1d423ad513a
Size
43KB
MD5
ee5027ce7b50ae0ca2f47fb53c4fd3fc
SHA1
7712a2b7763a90efb6666c5f9b59f662107f6b9a
SHA256
13fad25d5b28e40800b274126f0156fd556053dfd5da26372332d1d423ad513a
SHA512
62c504561a9c3faef0b85918601366c695306c8f0573209af63d4839f9d5dc9849d7db5f30008302f52b99ad6d823f566347d1fd4e6a6beb667c172d3e9a8614
SSDEEP
384:iZyvINU1SoycwJORpvWhYYoGMiELvho8Gzz0Iij+ZsNO3PlpJKkkjh/TzF7pWn1V:QjqglcwJkBXlZoHuXQ/og/+L
Malware Config
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
HacKed
0.tcp.ngrok.io:18438
Windows Update
reg_key
Windows Update
splitter
|Hassan|
Signatures
Njrat family
Files
13fad25d5b28e40800b274126f0156fd556053dfd5da26372332d1d423ad513a.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ