Behavioral task
behavioral1
Sample
0x0009000000012314-63.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
0x0009000000012314-63.exe
Resource
win10v2004-20220901-en
General
-
Target
0x0009000000012314-63.dat
-
Size
78KB
-
MD5
2c3dfd707a71a723aada2ab5cb4485d6
-
SHA1
41357a94ad63b2f6bbe4f4f0a069d6f22a125369
-
SHA256
1ba26b7fefc227463accb9d479889d17439b7de392d09722d271641acf24b23f
-
SHA512
fe6e219e3efb0c8e0ee3a77d5dc198a43df605e9859bf5a1b41dbd8cfae929d9c684025676b80c8f5438e3e4de1d1b9a0a78bf5c5fd2005763e8d254425dcb19
-
SSDEEP
1536:If+qHADbDpKS5wpOk3JCK6pFo2/e6fOpd/9nEh9TGnJUR:WQwpOk5CK6pO/9ESnJU
Malware Config
Extracted
njrat
0.7.3
Exploited++
salesxpert.duckdns.org:2889
windows.exe
-
reg_key
windows.exe
-
splitter
mnbvcxz12
Signatures
-
Njrat family
Files
-
0x0009000000012314-63.dat.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 76KB - Virtual size: 75KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ