General
-
Target
Anzixsotfrage.exe
-
Size
93KB
-
MD5
3cb7d7e431026695b59d4c84da52d915
-
SHA1
4f3444eac8d73e4a8252802b429dcb8548f0b3fb
-
SHA256
40c8e8703a91557c8390a763ca9906e66c8a409784a5c613c3da0016a6bd42ce
-
SHA512
3fa423ef44de931217623899e2161650997f9e5faf48407a9c4d8fc120c915cfb9f4fb975b132258ce74cb6c64813a95988a65c5cadde6b4a167a154ad13c86d
-
SSDEEP
1536:kUwC+xhUa9urgOBPmNvM4jEwzGi1dDVDwgS:kUmUa9urgOkdGi1dhZ
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
0.tcp.sa.ngrok.io:14535
ada44a92fed16577d8c527f91a9a3d8d
-
reg_key
ada44a92fed16577d8c527f91a9a3d8d
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Anzixsotfrage.exe
Files
-
Anzixsotfrage.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ