Behavioral task
behavioral1
Sample
Server 2.exe
Resource
win10v2004-20240611-en
General
-
Target
Server 2.exe
-
Size
93KB
-
MD5
ec6bedfc8918668daf892b946d8d8998
-
SHA1
ee4ef91775da5314e87bda7bd6bdeb6a8479ce0c
-
SHA256
c661d366b4023b33cbd80de638f69f3784150b1158ea7241bf01ea1f3cdaaf81
-
SHA512
c1c5829fa03f7b3e4021fec8d051623412e1d7807beb3c144e0e1f148561310289dbb1365ed1e6c031328005e1ae26b15603f90600417ffea14d73a04d384607
-
SSDEEP
768:8Y3zeZFKghFchQVTqWnwz/1h3XE/blczxXSsvXxrjEtCdnl2pi1Rz4Rk3msGdph3:ne/K6bTq8itNE2VhjEwzGi1dDiDhgS
Malware Config
Extracted
njrat
0.7d
Debil
hakim32.ddns.net:2000
127.0.0.1:446
cc405cae27ac73abb849a970df5f673a
-
reg_key
cc405cae27ac73abb849a970df5f673a
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource Server 2.exe
Files
-
Server 2.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ