Behavioral task
behavioral1
Sample
So2CHEAT.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
So2CHEAT.exe
Resource
win10v2004-20240221-en
General
-
Target
So2CHEAT.exe
-
Size
93KB
-
MD5
41e990ab2c6582fa78eec4de2c4d731d
-
SHA1
801410d19aa4b4d5dee2fff1c5644184125eb77c
-
SHA256
01e3c4e657ab9990d03eabcb3fe1fee29fe6d00611e2c0c51d632f6043a2d6ab
-
SHA512
9d4518c1ddfdf8370990251afc9f37b25b5f9b68b55f923c1ddc744882c03b7269cd2478e8e369f9e77a80c78e818d9d1c438c6f5194cf7f6267d99520de646b
-
SSDEEP
1536:FUwC+xhUa9urgOBPmNvM4jEwzGi1dDbDUgS:FUmUa9urgOkdGi1dDN
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
2.tcp.eu.ngrok.io:16653
558ddcdb4a17af9ef259e6abfde932f9
-
reg_key
558ddcdb4a17af9ef259e6abfde932f9
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource So2CHEAT.exe
Files
-
So2CHEAT.exe.exe windows:4 windows x86 arch:x86
Password: psychokid
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ