Behavioral task
behavioral1
Sample
00e0a808895c6b545bb4abd1a982a8e05736200a7a34262c7955aa24c80d1563.exe
Resource
win7-20220812-en
General
-
Target
00e0a808895c6b545bb4abd1a982a8e05736200a7a34262c7955aa24c80d1563
-
Size
23KB
-
MD5
b262704886a2effec7b9801825d6f326
-
SHA1
10f71fac877153897da8ce9643212a1682645390
-
SHA256
00e0a808895c6b545bb4abd1a982a8e05736200a7a34262c7955aa24c80d1563
-
SHA512
c7a67a4f0d91b27fad1e35b779038a7a00b81cc35f3ef99622760bbe85a1a141b67f3eb782d2adeed0ff208244c5606ef9ea925cc44378dfe4fbf76e931d8a57
-
SSDEEP
384:eRMKFYuEEhERvoBG16Xuy0MHNw6Tg1Y+75JTFmRvR6JZlbw8hqIusZzZLG:eqW4V6+yDRpcnu9
Malware Config
Extracted
njrat
0.7d
romance
romancee.no-ip.com:5552
93d34860732d78fab32e5cd57e8f6c98
-
reg_key
93d34860732d78fab32e5cd57e8f6c98
-
splitter
|'|'|
Signatures
-
Njrat family
Files
-
00e0a808895c6b545bb4abd1a982a8e05736200a7a34262c7955aa24c80d1563.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ