Behavioral task
behavioral1
Sample
payload.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
payload.exe
Resource
win10v2004-20220721-en
General
-
Target
payload.exe
-
Size
27KB
-
MD5
719586d8b62ee3203fafc4834472c722
-
SHA1
8668e69c2eadf4087f56cd4ad5f30b5a960abfb3
-
SHA256
a4eb32f9273e31ef4f46e2a7036cd89aa35e8fe8aa0b67982b0c149d30e88590
-
SHA512
6e667e3e75a5f682c7b16d2cf31b30d0019f708efe9c00011e793d3b2b71ad592638911ced815aeb4d14ca356e11c88ba7ed4c6eef3181650e849aa2fd27ec34
-
SSDEEP
384:TLLM2XwBNOaLNOFs/Av2yeCP1BBvMl7AQk93vmhm7UMKmIEecKdbXTzm9bVhca1D:34220U0Wl7A/vMHTi9bDt
Malware Config
Extracted
njrat
v2.0
HacKed
full-qui.at.playit.gg:14457
Windows
-
reg_key
Windows
-
splitter
|-F-|
Signatures
-
Njrat family
Files
-
payload.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ