Behavioral task
behavioral1
Sample
2756-73-0x0000000000400000-0x0000000000410000-memory.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
2756-73-0x0000000000400000-0x0000000000410000-memory.exe
Resource
win10v2004-20230915-en
General
-
Target
2756-73-0x0000000000400000-0x0000000000410000-memory.dmp
-
Size
64KB
-
MD5
7c8c706bab60844a77353aa087265456
-
SHA1
a3898a010287716efb63b964bd86b317888b86a1
-
SHA256
98de130ba282840b4ccd7f5250029a8d2af77bc38fec75145041742655297839
-
SHA512
41f7d8042e9a449fdc359f848cec1d17b1492ea5d316dd798f18e18e8e73986b27882f08aa78ea4a2dc26278b2e148d1ff081f1adc83df1a284ff44590535489
-
SSDEEP
384:nmOs0IiejvCVLO309QmykrtG+dA+VfwvOSiKrAF+rMRTyN/0L+EcoinblneHQM3h:dFdGdkrgYRwWS9rM+rMRa8NuEDt
Malware Config
Extracted
njrat
im523
HacKed
0.tcp.in.ngrok.io:19400
900e32528e286bf3fa16f687e637183a
-
reg_key
900e32528e286bf3fa16f687e637183a
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2756-73-0x0000000000400000-0x0000000000410000-memory.dmp
Files
-
2756-73-0x0000000000400000-0x0000000000410000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ