Behavioral task: behavioral1
Sample: 03CFE21475FF1E4B334AD89DED81AE54.exe
Resource: win7-20231215-en
General
Target: 03CFE21475FF1E4B334AD89DED81AE54.exe
Size: 23KB
MD5: 03cfe21475ff1e4b334ad89ded81ae54
SHA1: 885cd1d6782f12eba1a8b02ba5e380b43d724ac8
SHA256: b6634d60c4f33e8ff40efbbbddd098cc420fe12822c633752260e3b0e6d11307
SHA512: 28361958762f5951c405f664e6891eca9fe735b791702db93599fbf34b50885d95dd8938784423ec4ccb50648a4f8350106b51d8082d43e65fa5371bf3bd9f56
SSDEEP: 384:IcqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZLp:330py6vhxaRpcnuG
Malware Config
Extracted
njrat
0.7d
Lammer
0.tcp.sa.ngrok.io:12537
e71381ce4c6ac23e031048fb1464e9da
reg_key: e71381ce4c6ac23e031048fb1464e9da
splitter: |'|'|
Signatures
Njrat family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 03CFE21475FF1E4B334AD89DED81AE54.exe
Files
03CFE21475FF1E4B334AD89DED81AE54.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ