Behavioral task: behavioral1
Sample: cdb2580b515e92d91c18ba0cf1e5c8f0db6de62a2edd83f070da7abdeeccdc80.exe
Resource: win7-20240221-en
General
Target: cdb2580b515e92d91c18ba0cf1e5c8f0db6de62a2edd83f070da7abdeeccdc80.exe
Size: 23KB
MD5: 07482a2a2606a16508f564652c80c1d7
SHA1: 1d66ed2fd7de47192c07c0a9889b54d0140e506e
SHA256: cdb2580b515e92d91c18ba0cf1e5c8f0db6de62a2edd83f070da7abdeeccdc80
SHA512: c687b091d6cb11a174c7751345a752588b0d6e93b2b45d98f2571342038cf85df7d4e68d9502485a718e061ba87ff2bcd5882674ca2981a2229f464bcd37536c
SSDEEP: 384:koWSkWHa55BgDVRGipkItzY6vZg36Eh7FpmRvR6JZlbw8hqIusZzZ2HmN:TJuk9pHRpcnuM
Malware Config
Extracted
njrat
0.7d
paulo2
swuhH3-22324.portmap.host:22324
8ee321980d6be66417cfa18e5070498f
reg_key: 8ee321980d6be66417cfa18e5070498f
splitter: |'|'|
Signatures
Njrat family
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource cdb2580b515e92d91c18ba0cf1e5c8f0db6de62a2edd83f070da7abdeeccdc80.exe
Files
cdb2580b515e92d91c18ba0cf1e5c8f0db6de62a2edd83f070da7abdeeccdc80.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ