General
-
Target
Client.exe
-
Size
31KB
-
MD5
904777d0f18496bdb0aa9e87bd42e685
-
SHA1
224478a50efd6e18bab2617a9e81c06da3a94e27
-
SHA256
7daca7d7ea3721fef0096c1d9d4d33cd6d55c7155b20be64db4fae168eb74945
-
SHA512
5d7a89caf14980a4c4dcda9078f1a9261f0b71d11456913d403d27fa86b75e09e3cc0697d12237e3560aecf75395bab102b6e87976835178f6ccd1a538c23e1b
-
SSDEEP
768:crhO5b13hdwzxLy3os0O/dMRvCnQmIDUu0ti7Saj:ucZ6eh6gQVka5j
Malware Config
Extracted
njrat
0.7d
MyBot
wdex.ddns.net:8080
53218de73abc0726366574c218ecf267
-
reg_key
53218de73abc0726366574c218ecf267
-
splitter
Y262SUCZ4UJJ
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource Client.exe
Files
-
Client.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ