Behavioral task
behavioral1
Sample
rb.bin.zip
Resource
win7-20230220-en
General
-
Target
rb.bin.zip
-
Size
16KB
-
MD5
7d7bcf9aea85b6d8dea353d2ed4b7da9
-
SHA1
c906399be883e9fe4dc1ba7844ffe036cc9ed0c5
-
SHA256
3e10f1ff5876133666efd69174bfcdf083ed092920c8b816ec49fac889ee8c34
-
SHA512
2353fd71acaffd903a675376c12a46b06c7633c94de19c166868ab1e791906c66b09f19c3b2796a3201efd949aa851bd57494f5771916392e19bfae5b08349cb
-
SSDEEP
384:B8jzgZxRSL+jHfTD3lGLWC6+ssUzjjrum0E:B8jcZHZ7Eqlft/mm9
Malware Config
Extracted
njrat
im523
HacKed
149.154.158.40:5552
05ae292b9bd1d9166affb15be459c4d5
-
reg_key
05ae292b9bd1d9166affb15be459c4d5
-
splitter
|'|'|
Signatures
-
Njrat family
Files
-
rb.bin.zip.zip
Password: infected
-
rb.bin.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ