Behavioral task: behavioral1
Sample: New Client.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: New Client.exe
Resource: win10v2004-20231215-en
General
Target: New Client.exe
Size: 214KB
MD5: 7ccd7ac0f9cb04a6760d3a4d6a919ba2
SHA1: 91b3acfc87e5adb43c440e8e9fc5700c0aa7948a
SHA256: b2d371dd4e9dde0297cf4292a0b19f093b89e2e2b679458a28189115af82c1ea
SHA512: 78146807b04f37c65c4ee61897d01bdde40c35a84abba9e14b4b22397e361ebe70e271b0def323b718102201ed131f2daa6c56debdda7418d0ff510cfd5f3536
SSDEEP: 3072:fug0YNoN36txQviFCix4BnefWl9zdaF9blYvMaR:fbxO9zTvMaR
Malware Config
Extracted
njrat
Platinum
YT
127.0.0.1:12107
browser.exe
reg_key: browser.exe
splitter: |Ghost|
Signatures
Njrat family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource New Client.exe
Files
New Client.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 63KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 149KB - Virtual size: 149KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ