Behavioral task: behavioral1
Sample: 01d7dcfc0d43e1a63160c2a2b.exe
Resource: win7-20230703-en

Behavioral task: behavioral2
Sample: 01d7dcfc0d43e1a63160c2a2b.exe
Resource: win10v2004-20230703-en
General
Target: 01d7dcfc0d43e1a63160c2a2b.exe
Size: 30KB
MD5: 01d7dcfc0d43e1a63160c2a2be09ac3b
SHA1: b153f050ed9297fe236e5112ce3b4a334b18b135
SHA256: ac458cf6d935c1fe276458fa4ed577c356a81662fc0978ed9708abd863b519c7
SHA512: cc49ba199dd2c9dce7746f46f5f9bae0bf0793b955b851d5d38afcc40708e94a18000776254207f1b6c5d1d98b1154dfd345becf037417b7351dec25b9d5dd59
SSDEEP: 768:rSHMXrwpJbb2zxxO5Seqf3isfvUuQmIDUu0tirXj:rlkK9is7QVkaj
Malware Config
Extracted
njrat
0.7d
Bot
77.241.20.215:55915
89a73e3948b3f7c938f6b700b2914080
reg_key: 89a73e3948b3f7c938f6b700b2914080
splitter: Y262SUCZ4UJJ
Signatures
Njrat family
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Processes:
resource 01d7dcfc0d43e1a63160c2a2b.exe
Files
01d7dcfc0d43e1a63160c2a2b.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ