Behavioral task: behavioral1
Sample: svchost (2).exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: svchost (2).exe
Resource: win10v2004-20240412-en
General
Target: svchost (2).exe
Size: 37KB
MD5: 4b35f87adde9db4df4775e739743c59c
SHA1: fee7574a5f039051dcb2d63fa8cdf94e61558b35
SHA256: 7395078c587f6da109eaead4135c47967babf6ffb93509f0a15e60eedbc7f8f2
SHA512: e144ffd9ffe089712465f1b89178e6804d4b3b8aec04e8b0b30d231797aef9d4c735acc8aab0c622e6873ef07095b259ef87fc70a4174dd07d578ed668a6260e
SSDEEP: 384:Ad8TgiG1CnZfursvO6ysz6jIvxATH2DirAF+rMRTyN/0L+EcoinblneHQM3epzXW:W8H5Wpsz6jIWD2GrM+rMRa8Nubl2t
Malware Config
Extracted
njrat
im523
HacKed
tue-jake.gl.at.ply.gg:29058
f6f9a84d017975575db803dfc5b5c146
reg_key: f6f9a84d017975575db803dfc5b5c146
splitter: |'|'|
Signatures
Njrat family
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
Processes: resource svchost (2).exe
Files
svchost (2).exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ