Behavioral task
behavioral1
Sample
6e323bddb6f10b049428e50b9cf4da9f047829e83aa32e00bb2a7f4dc2a5e588.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
6e323bddb6f10b049428e50b9cf4da9f047829e83aa32e00bb2a7f4dc2a5e588.exe
Resource
win10v2004-20231215-en
General
Target: 6e323bddb6f10b049428e50b9cf4da9f047829e83aa32e00bb2a7f4dc2a5e588.exe
Size: 23KB
MD5: 56b932581ca03686ad499fad655f6657
SHA1: 4a5b99528438aa27cd2608f7be56bfd314d39f26
SHA256: 6e323bddb6f10b049428e50b9cf4da9f047829e83aa32e00bb2a7f4dc2a5e588
SHA512: e04c20a01cef5987340e6f40da5e8aeaf52952ccbe10b1eb538a612bba75b45c91988d8014b2eb42ed742c29e5d0a152f969e1b9656846d2f9117faae9e7197c
SSDEEP: 384:RoWtkEwn65rgjAsGipk55D16xgXakhbZD0mRvR6JZlbw8hqIusZzZdfZU:G7O89p2rRpcnuMhU
Malware Config
Extracted
njrat
0.7d
HHHXXX
black101.ddns.net:1177
c7c947d665980e197b736d98adf01cc0
reg_key: c7c947d665980e197b736d98adf01cc0
splitter: |'|'|
Signatures
Njrat family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 6e323bddb6f10b049428e50b9cf4da9f047829e83aa32e00bb2a7f4dc2a5e588.exe
Files
6e323bddb6f10b049428e50b9cf4da9f047829e83aa32e00bb2a7f4dc2a5e588.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ