Behavioral task
behavioral1
Sample
no.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
no.exe
Resource
win10v2004-20230220-en
General
-
Target
no.exe
-
Size
37KB
-
MD5
3efa7db1ee68abbcfeb1f6f07d6f2224
-
SHA1
f0e0396d55a8969fd89cb11363c9f5025d9a3f0d
-
SHA256
cb3d67856d325bdd49aa5d2219366adedfe8f126f9eef98abe678b3265c681a5
-
SHA512
59f2a57a7344937bd8234fbcf5b2fb9178a2940fa064a80dcaf56f1a37594a1ffe871e8aa30d82a3d004d05ce6a0725551f7c3c3f4f302111615932ba7e19b5d
-
SSDEEP
384:ScFiUiD1blmJEpRGyEfjhvRuICY6KVIrAF+rMRTyN/0L+EcoinblneHQM3epzXKB:BFyHpR9EfjhEIC1KGrM+rMRa8NuEPrt
Malware Config
Extracted
njrat
im523
HacKed1
7.tcp.eu.ngrok.io:5552
5676158919069158233e936864e885de
-
reg_key
5676158919069158233e936864e885de
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource no.exe
Files
-
no.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ