Behavioral task
behavioral1
Sample
6c3183412fc318d586ba196d42f9399ecc84500d4624377752b4952442236093.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
6c3183412fc318d586ba196d42f9399ecc84500d4624377752b4952442236093.exe
Resource
win10v2004-20230220-en
General
Target: 09a039699d3c2b826e5e2f8ad90f50fc.bin
Size: 16KB
MD5: 40df0e0d5eaee45752f7161061540209
SHA1: d00bde832e6ee6495402e8da927542ba4c097d54
SHA256: 820556288ad2292d0ce28199eb7d4b25fe52cb53565a6a6e06d6b99d0ba998ab
SHA512: ddfec673d903b729ca20fe52f65c67fea06bcd9274ed2b18f07cd8311694f0a09e6f74aa2be116159fbd882066e2d52a62e6e6af648659ee0550e335fd67107e
SSDEEP: 384:pQ3aN/dB438bQ63UUu2AACXN8RCfckDoqJsqOu6n1x9/5jDDxG4snX:pQaCswD8RCfckEqJsqOt1PRjgBnX
Malware Config
Extracted
njrat
im523
HacKed
8.tcp.ngrok.io:10809
477e42ad55ebd15287499bd5aac86f08
reg_key: 477e42ad55ebd15287499bd5aac86f08
splitter: |'|'|
Signatures
-
Njrat family
Files
-
09a039699d3c2b826e5e2f8ad90f50fc.bin.zip
Password: infected
-
6c3183412fc318d586ba196d42f9399ecc84500d4624377752b4952442236093.exe.exe windows x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ