Behavioral task
behavioral1
Sample
Serve2r.exe
Resource
win10v2004-20230621-en
General
-
Target
Serve2r.exe
-
Size
93KB
-
MD5
8c3c8b1f0682af30d77807ab1bbf3e56
-
SHA1
e983bf9b69c60dfbf48704359591895978c2fc7c
-
SHA256
698a1b8fc51154ac54399b1bcb548183b3db7be05a648a5ff39dc21b81b1fb89
-
SHA512
00111056a6d51ad6b9e858dbda98996424c078e30d6ed9aed220690fa349406d1784986d66ae13ea78f467c3599f7a04af7c83fb354a0687c371fe17cb3b4917
-
SSDEEP
768:jY3ACUQy0lM7utchQmnroAgFDSXaaJ4oXbyXxrjEtCdnl2pi1Rz4Rk3JsGdp3gS7:6Ut0i1nroxFMeowjEwzGi1dD5D3gS
Malware Config
Extracted
njrat
0.7d
Victim
hakim32.ddns.net:2000
6543etfd2-59719.portmap.host:59719
a49d7f19644e0bf88262c17f8f0e2bc9
-
reg_key
a49d7f19644e0bf88262c17f8f0e2bc9
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Serve2r.exe
Files
-
Serve2r.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ