Behavioral task
behavioral1
Sample
ba93ee7bb38e10c6b38fb3c37798ad618e20b4f3d5125bd8d5de77f23afc3dcd.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
ba93ee7bb38e10c6b38fb3c37798ad618e20b4f3d5125bd8d5de77f23afc3dcd.exe
Resource
win10v2004-20230221-en
General
-
Target
b72f3fc55ae3de481cad90bba27dcb15.bin
-
Size
113KB
-
MD5
e9c9d918d5fb94dbf1988e07509a4618
-
SHA1
2dbeb1cb3afa191c756e46a8810fd8c1f21dc26c
-
SHA256
2ca489a590cb7c4124dd4ef8f0f13a629cc1103dbeb37011a80613e720138ab6
-
SHA512
cbadfa8e62d2a9d19bcf0ce8a8f6e6bdc2da4817de28cab27ccd456016349ff54bd793acc0a3097f6ba2d9f6cfd5918220fd9be266a8dfa07d763d2ff06501b0
-
SSDEEP
1536:vu8KekSwo13JlDeP99mRmuHXeJ3wdUwmoNx0De4QeVii3Y22NimVVZuCHcnozosN:2WXJrQu3OwvmoNx6LVi/3BrJosuLel
Malware Config
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/ba93ee7bb38e10c6b38fb3c37798ad618e20b4f3d5125bd8d5de77f23afc3dcd.exe
Files
-
b72f3fc55ae3de481cad90bba27dcb15.bin.zip
Password: infected
-
ba93ee7bb38e10c6b38fb3c37798ad618e20b4f3d5125bd8d5de77f23afc3dcd.exe.exe windows x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 261KB - Virtual size: 260KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ