Behavioral task: behavioral1
Sample: 1244-56-0x00000000003E0000-0x00000000003EA000-memory.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 1244-56-0x00000000003E0000-0x00000000003EA000-memory.exe
Resource: win10v2004-20221111-en
General
Target: 1244-56-0x00000000003E0000-0x00000000003EA000-memory.dmp
Size: 40KB
MD5: 54804479a9d505013067bc3fa5de1d98
SHA1: 99d0ae239cb09cc78c996d6db6a01ef37bca2866
SHA256: 47ef8a83ff586e9eb82f68c7095b8d1470cdea4ed03c7eeb102508cbfe4f06f1
SHA512: d6152f8f7eb197d36bac30f06a566dedfbbd1364bb4e82fcaded058ea4cd376f469fed18a53c8df55e222298768e17cc6734a93e07cd3ed420c615f2d607f3ff
SSDEEP: 384:8Pwz6+T4IjWZFNwXU0eiNUBdvt6lgT+lLOhXxQmRvR6JZlbw8hqIusZzZfB:8ETbC81NgRpcnu+
Malware Config
Extracted
njrat
0.7d
HacKed
gololosd.ddns.net:9090
151fd47f794ef2318b946b794bcd6603
reg_key: 151fd47f794ef2318b946b794bcd6603
splitter: |'|'|
Signatures
Njrat family
Files
1244-56-0x00000000003E0000-0x00000000003EA000-memory.dmp.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ