Behavioral task: behavioral1
Sample: 1504-56-0x0000000000640000-0x000000000064C000-memory.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 1504-56-0x0000000000640000-0x000000000064C000-memory.exe
Resource: win10v2004-20220901-en
General
Target: 1504-56-0x0000000000640000-0x000000000064C000-memory.dmp
Size: 48KB
MD5: eb0765258076879bf5581ad974af3b5c
SHA1: 2b3ad034b50b63e64570ba9b02fe90d2c554157a
SHA256: 10ad1414ecb12a8124e67e6a8708347186e34ac7382adc683015a8b5f7403df6
SHA512: 1651f90c320c7d2c514a63b2b8780fbb0e0fd275c3e0502bee2c78bf3541586637e6a01a620acc20d36b782631965d10da9f3943551aa0dc00c0a45f861b8bd7
SSDEEP: 384:z+n2650N3qZbATcjRGC5Eo9D46BgnqUhay1ZmRvR6JZlbw8hqIusZzZhDty:Mm+71d5XRpcnuuc
Malware Config
Extracted
njrat
0.7d
HacKed
2.tcp.eu.ngrok.io:13002
2806cdb1ef67986308064d5873a67ad7
reg_key: 2806cdb1ef67986308064d5873a67ad7
splitter: |'|'|
Signatures
Njrat family
Files
1504-56-0x0000000000640000-0x000000000064C000-memory.dmp.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 564B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ