Behavioral task
behavioral1
Sample
wscript.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
wscript.exe
Resource
win10v2004-20240412-en
General
-
Target
wscript.exe
-
Size
93KB
-
MD5
50af5e7d5d665f6e9cca447af7e8b1e5
-
SHA1
8cde307749103cf895cd8c2d87a8a73aa1017fa8
-
SHA256
c7cc2d0b72eba9ef36f0ec9ad721b8a9e0dbaacb9121ccbead85b9751eb6f45b
-
SHA512
abdcb709f2c1c7e951b9f4a61b0766db965376476043fba7c8f182740ece3e2be6ca2e7a66e09c1327274af2f507fb2cf3f5e39b2b80619f5aa33b8fb28117e2
-
SSDEEP
768:QY3CUfhWXxyFcxovUKUJuROprXtWNEpeYhYbmXxrjEtCdnl2pi1Rz4Rk3lsGdpc3:KU5WhIUKcuOJRpPhBjEwzGi1dD1DcgS
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
wscript.ddns.net:5552
7cf4c2536f30115b1e3e9ebf8675233a
-
reg_key
7cf4c2536f30115b1e3e9ebf8675233a
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource wscript.exe
Files
-
wscript.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ