Behavioral task
behavioral1
Sample
New Client.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
New Client.exe
Resource
win10-20230703-en
Behavioral task
behavioral3
Sample
New Client.exe
Resource
win10v2004-20230703-en
General
-
Target
New Client.exe
-
Size
329KB
-
MD5
9202baa178d24e6fa0eb45262ac7e16a
-
SHA1
e45b9ed7c3ebd6b7994dc5de645b2a248ad3f770
-
SHA256
6c7c1efa3c4deb1fd07a04620a62183054c99d65918d9fc7858f8005b61e0655
-
SHA512
0ad8b21d9fefcd42b82c60801c1e65381ec769ffa032496a4648917e2f5fb6ce94fb602776c39d9ecbaa01b48fdfbf2f4fef0135d178a8b5cb7c18d2f6952c5a
-
SSDEEP
6144:z1g9zWvMmbhoLVOT/FtBkFHS4bnb5Y1C54hP56eya4oPbLZzXHgTbM0Ckc6D+Kl2:z1NXbhoLVOT/FtBkFHSwnb5Y1C54hP5x
Malware Config
Extracted
njrat
Platinum
Slave
127.0.0.1:11883
sys.exe
-
reg_key
sys.exe
-
splitter
|Ghost|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource New Client.exe
Files
-
New Client.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 63KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 265KB - Virtual size: 264KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ