Behavioral task: behavioral1
Sample: C3B5CC4ED4B775143B12CA08E878787F.exe
Resource: win7-20230831-en
General
Target: C3B5CC4ED4B775143B12CA08E878787F.exe
Size: 246KB
MD5: c3b5cc4ed4b775143b12ca08e878787f
SHA1: 0708486896cd80edcebf80ac87ec1d0108b7909b
SHA256: 5fe4966a0f2d38702c2451af0e2d7c00d2e8ce33ce3a67a51789e609a4295106
SHA512: d21061ba6212684fbd855b69661e33520c2845985d3bbd3f70eb45bc348a01b0e2ef0dc908d04e4ed9bd5da5d243ed9020b74550bba0c7a0525254ff4d254c25
SSDEEP: 6144:Gakg3/aBDYKNmyzjgl3AcS7xGvRNxzaj2w:1h3CxYKNm+sl5GGXTw
Malware Config
Extracted
njrat
0.7d
Lammer
mariatroianos.ddns.net:9091
da634d398ee526a59a8f0298ea6a9578
reg_key: da634d398ee526a59a8f0298ea6a9578
splitter: |'|'|
Signatures
Njrat family
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
Processes: resource C3B5CC4ED4B775143B12CA08E878787F.exe
Files
C3B5CC4ED4B775143B12CA08E878787F.exe.exe windows:4 windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ