Behavioral task: behavioral1
Sample: joao.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: joao.exe
Resource: win10v2004-20230220-en
General
Target: joao.exe
Size: 89KB
MD5: a88c703f3ec08baf49df569833dde633
SHA1: f5b47b14f247d4eb1fe0131255a43735b53bb366
SHA256: 15b7bac15c90083ef0b56cfdcc9b565ab10c3f5590d7739839ba990ab2cdaa05
SHA512: 391d54290d5aef71ead0d4cc5074d79c3b20dbe88bb8f617dd4029fc83d7b17064e58d95e90ecbb9c06716f1a03ff18622078a6d54d4b8d717d8daf9549fb307
SSDEEP: 384:aRcqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZ2kgAD1vJ:ay30py6vhxaRpcnunF8u3EMyyCg
Malware Config
Extracted
njrat
0.7d
joao
0.tcp.sa.ngrok.io:11168
e6a27426758a6eb3f469a160f094bed0
reg_key: e6a27426758a6eb3f469a160f094bed0
splitter: |'|'|
Signatures
Njrat family
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Processes:
resource joao.exe
Files
joao.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 67KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ