Behavioral task
behavioral1
Sample
644e22017e7ea1528dca300ff5efc8a07f8587b3b15ea079ea0b9b205b0b4d83.exe
Resource
win7-20230220-en
General
-
Target
0ec8c3c2398d384e8f53ce811a488b49.bin
-
Size
186KB
-
MD5
b46445bb553a09ed9b4b781173e0dd42
-
SHA1
cdb6d4ef89717b9aa786b87fb379a48c4a17c409
-
SHA256
832c8490c1641d7d3f1597e7d6b95cc21d018e45a8258d1a23ac184b9ec506f4
-
SHA512
b3b05aab1b4782d8d4fc6e394e0a16b69915153e6b39f6454eff58a99cc09c1a5742bf72aa2ad8aa569ff8ca8a473ff41260048edfabd98c7994e4b8633c885b
-
SSDEEP
3072:BOwqLPDIgMClZufHOZI09OXbsG6r5vTyc5TxD1038czsHdBa1s49cDFTvqh:BjYPWWIfHkI09E9wycNl103YuHcJjqh
Malware Config
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/644e22017e7ea1528dca300ff5efc8a07f8587b3b15ea079ea0b9b205b0b4d83.exe
Files
-
0ec8c3c2398d384e8f53ce811a488b49.bin.zip
Password: infected
-
644e22017e7ea1528dca300ff5efc8a07f8587b3b15ea079ea0b9b205b0b4d83.exe.exe windows x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 418KB - Virtual size: 417KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ