Behavioral task
behavioral1
Sample
db36cafda963b6464923356faf6e9ae1b953b2a85dcfd7c372c925407f1c21a5.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
db36cafda963b6464923356faf6e9ae1b953b2a85dcfd7c372c925407f1c21a5.exe
Resource
win10v2004-20240412-en
General
-
Target
791a4175efeb80014ae7a728dedba39e9b32eb213668786bf7cb143971408170
-
Size
16KB
-
MD5
905f2ebbb68d3b9a26b25865dcd8df1b
-
SHA1
80a392537495b48e8084dea74250e6603e2d45f5
-
SHA256
791a4175efeb80014ae7a728dedba39e9b32eb213668786bf7cb143971408170
-
SHA512
3198a668410a6054c53cc36c29ebf0351846720c8c5ac3e58de579474527b5bf99d10f33958ec6c298c76379e6a37da30df6bd077d03f8b66babff261af4e3e5
-
SSDEEP
384:x1FKN7jBCufsvVhqYjb3efF4OSUfwRbek0a8BdXQRusvKh4dk:x1FKN7jBC2svVLj7mxSGMl8BFQbvK2k
Malware Config
Extracted
njrat
im523
HacKed
0.tcp.eu.ngrok.io:15574
3af7f2b1f33dad1da92e7f8ffbbc0386
-
reg_key
3af7f2b1f33dad1da92e7f8ffbbc0386
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/db36cafda963b6464923356faf6e9ae1b953b2a85dcfd7c372c925407f1c21a5.exe
Files
-
791a4175efeb80014ae7a728dedba39e9b32eb213668786bf7cb143971408170.zip
Password: infected
-
db36cafda963b6464923356faf6e9ae1b953b2a85dcfd7c372c925407f1c21a5.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ