Behavioral task: behavioral1
Sample: bEiR.exe
Resource: win7-20220812-en
General
Target: bEiR.exe
Size: 23KB
MD5: b4355ec0815354965333f61ef03df0b4
SHA1: a7ec0778d34b932de187d90c92e3af10b31088a2
SHA256: b5a11b8a198e261609192e65ad1ef746cd2a87b1b94d99d6fb562c2437471303
SHA512: 6e43e7a33fb0e16999d48938fbc229cfc7367570f391a876be0df07df16f1038e118c59b7b68a767fb8bf9086dd1d620dca58e0b23e221842909f671ac047c99
SSDEEP: 384:NweXCQIreJig/8Z7SS1fEBpng6tgL2IBPZVmRvR6JZlbw8hqIusZzZTu:yLq411eRpcnu1
Malware Config
Extracted
njrat
0.7d
HacKed
windowsii.duckdns.org:5552
85faf5c90182f6391d389f3f4afec300
reg_key: 85faf5c90182f6391d389f3f4afec300
splitter: |'|'|
Signatures
Njrat family
Files
bEiR.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ