Behavioral task
behavioral1
Sample
6bd762c59e48a2fd605e2217780e3f9d00a011330b408802bbdeaa2066c632aa.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
6bd762c59e48a2fd605e2217780e3f9d00a011330b408802bbdeaa2066c632aa.exe
Resource
win10v2004-20240226-en
General
Target: ea4f73e1f2cbf1495c6ac0c61113ad0ff6f04ab43b03c570feb9570f6a9e7d83
Size: 12KB
MD5: 24804f63246b91ce5df3831136b2de3b
SHA1: e144a59cf80dc4ea54c700eee8020a37e11211d0
SHA256: ea4f73e1f2cbf1495c6ac0c61113ad0ff6f04ab43b03c570feb9570f6a9e7d83
SHA512: 97829f1fcdfa52ef49863833b4e9434408005b1453c08ca25c9aa3a664272b2539bfbd53327a9c37394d26e2e3805412815b735b2a1f6124c4b3df63b9eea3a9
SSDEEP: 192:eR2XW4iVt03426RJyzcxetghbjvXPjWmlryv+t6NJNKDENwvBETjg:0Tt52UJyzcQChHX7WJ26HNKAPg
Malware Config
Extracted
njrat
v2.0
2525252525252525
2525.libya2020.com.ly:2525
Windows
reg_key: Windows
splitter: |-F-|
Signatures
Njrat family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/6bd762c59e48a2fd605e2217780e3f9d00a011330b408802bbdeaa2066c632aa
Files
ea4f73e1f2cbf1495c6ac0c61113ad0ff6f04ab43b03c570feb9570f6a9e7d83.zip
Password: infected
6bd762c59e48a2fd605e2217780e3f9d00a011330b408802bbdeaa2066c632aa.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ