Behavioral task
behavioral1
Sample
tmpE1B.tmp.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
tmpE1B.tmp.exe
Resource
win10v2004-20220414-en
General
-
Target
tmpE1B.tmp.exe
-
Size
37KB
-
MD5
73196f394725a9623d84a512cdddf6ce
-
SHA1
4d24d92f70b2cbce52b1b173162b8f504ee7752f
-
SHA256
ee4ab4017c6e9c0883b2c1e42d0f0264f178ad2c6416e07d77169fdf94d1b1a4
-
SHA512
9c7d00237665f6a1df06217d156cbf07e499f60a7b4eb807b2df107f7392d710cb2439d524827b50492578c652ba20b81f95e4e0eee9f144330847f041971ed6
-
SSDEEP
384:QAFDylgibfjpPu7w9qyMTIvfTSs2EWfbrAF+rMRTyN/0L+EcoinblneHQM3epzXX:nWNN9ZMTIvWVEIrM+rMRa8Nuj8it
Malware Config
Extracted
njrat
im523
NEXT
109.197.196.135:9991
413491cbe232876548b9b7cd8a1b451d
-
reg_key
413491cbe232876548b9b7cd8a1b451d
-
splitter
|'|'|
Signatures
-
Njrat family
Files
-
tmpE1B.tmp.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ