General
-
Target
ldiag_5.11.0_windows_x64.exe
-
Size
125KB
Malware Config
Extracted
njrat
im523
SNPB
4.tcp.eu.ngrok.io:19387
6105b8ccdea9a76fb42c84ef64407545
-
reg_key
6105b8ccdea9a76fb42c84ef64407545
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource ldiag_5.11.0_windows_x64.exe
Files
-
ldiag_5.11.0_windows_x64.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 89KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ