Behavioral task: behavioral1
Sample: 2ead13296e90b2e3683fd3a219857a61c20edc17e7714392a94ba4a13a042164.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 2ead13296e90b2e3683fd3a219857a61c20edc17e7714392a94ba4a13a042164.exe
Resource: win10v2004-20220812-en
General
Target: 2ead13296e90b2e3683fd3a219857a61c20edc17e7714392a94ba4a13a042164
Size: 23KB
MD5: 575adc1e4c148afe397d3695759ce440
SHA1: 0b41160e2743facbdd73dbaafaee41a2785fa798
SHA256: 2ead13296e90b2e3683fd3a219857a61c20edc17e7714392a94ba4a13a042164
SHA512: 69203ebab522c44c4bac83a8a1a01c3054000729fd2d925a7f6d54c7f3fd002623739acbda0a722d18a10011f102c19a44f193a73f3b68e269243a89012d29a0
SSDEEP: 384:XoWtkEwn65rgjAsGipk55D16xgXakhbZD0mRvR6JZlbw8hqIusZzZMj:w7O89p2rRpcnup
Malware Config
Extracted
njrat
0.7d
hacked
momodz.no-ip.biz:1177
a1fe58e271392148d9447041084cdb09
reg_key: a1fe58e271392148d9447041084cdb09
splitter: |'|'|
Signatures
Njrat family
Files
2ead13296e90b2e3683fd3a219857a61c20edc17e7714392a94ba4a13a042164.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ