Behavioral task
behavioral1
Sample
b8f8323ffe1e53ad1993f6f0fc91d38c.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
b8f8323ffe1e53ad1993f6f0fc91d38c.exe
Resource
win10v2004-20230221-en
General
-
Target
b8f8323ffe1e53ad1993f6f0fc91d38c.exe
-
Size
93KB
-
MD5
b8f8323ffe1e53ad1993f6f0fc91d38c
-
SHA1
2c9fc140de6f527fd62482428c89b3b8a9e0b2ab
-
SHA256
016404b6167e37de1d2ca10010bab8b33dd102eca84b6e49d62f28a082004732
-
SHA512
d53990669b279c7a537a04e83f21410fc0e7824dd41700fb3d09496ffcf2934a4b2b05cd6be000873ddf786b39ddfc55685b692e5293d915e14a1cc082b8fb14
-
SSDEEP
1536:Cl+C+xhUa9urgOBPmNvM4jEwzGi1dDdDkgS:ClIUa9urgOkdGi1dJd
Malware Config
Extracted
njrat
0.7d
HacKed
FRANSESCOi50Y3AuZXUubmdyb2suaW8Strik:MTgyNjA=
3c9c1181669ca28d9218c8feaefa24d5
-
reg_key
3c9c1181669ca28d9218c8feaefa24d5
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource b8f8323ffe1e53ad1993f6f0fc91d38c.exe
Files
-
b8f8323ffe1e53ad1993f6f0fc91d38c.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ