Behavioral task
behavioral1
Sample
3d8b2bc3fdba588bad1e6ee74050de7a31e386088636bbedf72f2285d3dc819f.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
3d8b2bc3fdba588bad1e6ee74050de7a31e386088636bbedf72f2285d3dc819f.exe
Resource
win10v2004-20230220-en
General
-
Target
706fd9eb22adac23c973248375c50a02.bin
-
Size
12KB
-
MD5
066e18f643de104bb95bda52d88204f8
-
SHA1
029e698629c21a8bc099adc6bef5c263b886f4f1
-
SHA256
fb1c1c9bb1eaccdf08ceef1410e835692c17a1ca58711a2994aa4d732e495abb
-
SHA512
7e666ac9d0e800f5a44fb2e0d8413498a616fe07c1e761bf2fe861b0cbbaaab7582e98404a936f994a1fcb900c7b4578f657d4938465aa2dd64e82fe9ddc1ec3
-
SSDEEP
192:QbGfaFAjC1Y0mVYgM0r8C6WQBTGBrSq0MLkMdTKbq2CjtmLum8Ko2UFEWcB:TaFbm2gWCMT4rR3dTKbq2C5KoR2
Malware Config
Extracted
njrat
v2.0
HacKed
bob541882.e2.luyouxia.net:20192
Windows
-
reg_key
Windows
-
splitter
|-F-|
Signatures
-
Njrat family
Files
-
706fd9eb22adac23c973248375c50a02.bin.zip
Password: infected
-
3d8b2bc3fdba588bad1e6ee74050de7a31e386088636bbedf72f2285d3dc819f.exe.exe windows x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ