Behavioral task
behavioral1
Sample
099c9da2357e0f58ab09fc5a24589e41.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
099c9da2357e0f58ab09fc5a24589e41.exe
Resource
win10v2004-20231215-en
General
-
Target
099c9da2357e0f58ab09fc5a24589e41
-
Size
36KB
-
MD5
099c9da2357e0f58ab09fc5a24589e41
-
SHA1
917bd4b5cd6c621e52f96ae1565122e724ceca1d
-
SHA256
423d89d3e4d7651aaf9a83e3ed444daae54e14b2104f5a8552ad61df7aebff4c
-
SHA512
30be0f01d66927bf5a99e3354e5839ed9147fa3fae341a6fc5d968c5b9f34eb42d6d0266ff354f40f2726a45615db18004f3e5a7b63c195155d0da4506ea208b
-
SSDEEP
384:YwdmBkiyJnDNGRn5IyUvwIFvthI/im1xbrAF+rMRTyN/0L+EcoinblneHQM3epzV:xh5M5jUvFFwqmPrM+rMRa8Nud7t
Malware Config
Extracted
njrat
im523
HacKed
8.tcp.ngrok.io:13661
b9de363c039d49d6515449b25ff5fee2
-
reg_key
b9de363c039d49d6515449b25ff5fee2
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 099c9da2357e0f58ab09fc5a24589e41
Files
-
099c9da2357e0f58ab09fc5a24589e41.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ