Behavioral task: behavioral1
Sample: bNkn.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: bNkn.exe
Resource: win10v2004-20230220-en
General
Target: bNkn.exe
Size: 23KB
MD5: 18f1c4c76bfa3e98a97628f741361a50
SHA1: b996ca964b34339725b02abfc9b6b0fcbe5628d8
SHA256: 53924ec04fd027a17ceec00ef3d0e77637a8c372b2ee1b6095bf1ee4cf288fc4
SHA512: 0da74271f186591c338db5b301deff1f7b15f3373ec725d67dcb1dc0ce1ee36d75ef12002d430980ff1001b0a0457149388c31591dabef33917f3de893035637
SSDEEP: 384:xhc6ze6e1PAhJVzC3tC1im/BsTx46PgZ0rap9HBmRvR6JZlbw8hqIusZzZXd:xTe9EJLN/yRpcnua
Malware Config
Extracted
njrat
0.7d
soldier
0.tcp.sa.ngrok.io:18145
8281218078858e75d74a07bde6e8bc62
reg_key: 8281218078858e75d74a07bde6e8bc62
splitter: |'|'|
Signatures
Njrat family
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
Processes: resource bNkn.exe
Files
bNkn.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ