Behavioral task
behavioral1
Sample
f307432d9b11a759e000944743449b0c56499dfb51783e631327fed85a1c5399.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
f307432d9b11a759e000944743449b0c56499dfb51783e631327fed85a1c5399.exe
Resource
win10v2004-20231222-en
General
-
Target
f307432d9b11a759e000944743449b0c56499dfb51783e631327fed85a1c5399.exe
-
Size
32KB
-
MD5
014d3d7393d8c49596e70d6dd1d9bb91
-
SHA1
2492c32089af7337506e1547a4d5857c59fec6f9
-
SHA256
f307432d9b11a759e000944743449b0c56499dfb51783e631327fed85a1c5399
-
SHA512
db8989b425488a4fc01d7690a072b40eccd8937f79aa5d8c1bbf72e088a9f6595bed669d847b4dade6502527408671c1da09cc51664f4d81770e48421e9ed16c
-
SSDEEP
384:V0bUe5XB4e0XLOfO54GeaWTktTUFQqz98yObbPG:2T9BuyLDqJxbO
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
junio2023.duckdns.org:3333
7952b2688d
-
reg_key
7952b2688d
-
splitter
@!#&^%$
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource f307432d9b11a759e000944743449b0c56499dfb51783e631327fed85a1c5399.exe
Files
-
f307432d9b11a759e000944743449b0c56499dfb51783e631327fed85a1c5399.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 704B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ