Behavioral task
behavioral1
Sample
6bd1372d068d74df34cfc437092d0da6dcf12f0ed4671a7f84e05f83be4e5a7d.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
6bd1372d068d74df34cfc437092d0da6dcf12f0ed4671a7f84e05f83be4e5a7d.exe
Resource
win10v2004-20240412-en
General
-
Target
6bd1372d068d74df34cfc437092d0da6dcf12f0ed4671a7f84e05f83be4e5a7d.exe
-
Size
32KB
-
MD5
9ff6bfc9fa02ed95328e7aed5443eba3
-
SHA1
d66027c93e3f9f4bd05c64ea0ce0fbdeb8abad42
-
SHA256
6bd1372d068d74df34cfc437092d0da6dcf12f0ed4671a7f84e05f83be4e5a7d
-
SHA512
b6a64f785e37e75c6f5f8d7dcc8770381e7ff8cd8f511c7e0b0ef0cc7a7bdeced876bf9fe5b3df06e0d36a1172cf957dfff404486795bf7729cc99349b57539a
-
SSDEEP
384:k0bUe5XB4e0X+OJ4w0Q0mS03lWTwtTUFQqzFwObbg:hT9BudH55zibg
Malware Config
Extracted
njrat
0.7NC
Server1
booksports64.linkpc.net:1414
92a2bf11308046ea919
-
reg_key
92a2bf11308046ea919
-
splitter
@!#&^%$
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6bd1372d068d74df34cfc437092d0da6dcf12f0ed4671a7f84e05f83be4e5a7d.exe
Files
-
6bd1372d068d74df34cfc437092d0da6dcf12f0ed4671a7f84e05f83be4e5a7d.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ