Behavioral task
behavioral1
Sample
0x0008000000012699-64.exe
Resource
win7-20220414-en
General
-
Target
0x0008000000012699-64.dat
-
Size
37KB
-
MD5
333baef68bf06e2bff8c785f9120559d
-
SHA1
b605cc35ec178240b1150a81d73e58d1d9417bac
-
SHA256
4d62a9ab6abeeafd08fc299581c0910c36ccf64178c16fc06b4a57a48858e1d4
-
SHA512
0ba29d931b3166c4d334cd45f02cc053efbe2f1db3dc844a43e8f9b12a6efea3d73d45d49ab048fdd7b21495b8bbe1929b560ead99890d88f02b99fda186c1cc
-
SSDEEP
384:pcySKMizdjjnBhFbJ8ycPfpXxtwqKVZrAF+rMRTyN/0L+EcoinblneHQM3epzXby:yySgjlLJfcPfpP9K7rM+rMRa8NuFmt
Malware Config
Extracted
njrat
im523
HacKed
51.89.91.139:5050
5db0afc818875fbd9be3e842f2d3f24b
-
reg_key
5db0afc818875fbd9be3e842f2d3f24b
-
splitter
|'|'|
Signatures
-
Njrat family
Files
-
0x0008000000012699-64.dat.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ