Behavioral task: behavioral1
Sample: f151cd6e8e2a73bb0594cc6767d193d016fc88cc9973712a9dec06284b6b3adf.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: f151cd6e8e2a73bb0594cc6767d193d016fc88cc9973712a9dec06284b6b3adf.exe
Resource: win10v2004-20240319-en
General
Target: f151cd6e8e2a73bb0594cc6767d193d016fc88cc9973712a9dec06284b6b3adf
Size: 29KB
MD5: a051c849e389cec5636e4f0f9b080e8c
SHA1: 70228c5ab77e03193e527ccb995c5ec3b0c09b1a
SHA256: f151cd6e8e2a73bb0594cc6767d193d016fc88cc9973712a9dec06284b6b3adf
SHA512: cd0a2ba45982f81b24bc289fa3a4bf10da2f828c845d2a73ce62bea8729d95737eed6e59d70ac05606b6d97d4cd36d721b538975f01b0c837324c95d22dc2e75
SSDEEP: 384:EPqvANl7TxTD+VF2dbofPauxnaIuN15708COmqDk9jeHqGBsbh0w4wlAokw9Ohgd:ru75oa4fuTC8cqojeVBKh0p29SgR5d
Malware Config
Extracted
njrat
0.6.4
hacker
01KeKe-41878.portmap.io:41878
12826896566034991c9912d3a1ee9bf7
reg_key: 12826896566034991c9912d3a1ee9bf7
splitter: |'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource f151cd6e8e2a73bb0594cc6767d193d016fc88cc9973712a9dec06284b6b3adf
Files
-
f151cd6e8e2a73bb0594cc6767d193d016fc88cc9973712a9dec06284b6b3adf.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ