Behavioral task
behavioral1
Sample
New Client.exe
Resource
win11-20240221-en
General
-
Target
New Client.exe
-
Size
214KB
-
MD5
6099ccf232cffee0787b66e03bd2e2fb
-
SHA1
a160655fe6b2a8dda39f0f72772fb9b463434780
-
SHA256
de2fed0600ccc08d0c5e151facbe9e21eea3c7e383bfce3872d8b03f5b041270
-
SHA512
9e834574679681336cdb271b70e122b564d14527d24680c6dc8d41e7676d1803158f225a53a585a062b272d1c41de2962ed5496af1e6ff26421a80cb684ff3a0
-
SSDEEP
6144:SSJ89zyvMl2B+64kQ2EJam2dNREz9FdOZMJwGuE4QyZom8exsrPR5TE7D0XuDTTt:SEJk2B+64kQHam2dNREz9FdOZMJwGuEu
Malware Config
Extracted
njrat
Platinum
AntiVirus
127.0.0.1:38277
Client.exe
-
reg_key
Client.exe
-
splitter
|Ghost|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource New Client.exe
Files
-
New Client.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 63KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 149KB - Virtual size: 149KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ