General
Target: kadick.exe
Size: 93KB
MD5: 4d3ed6daa01167b450eb626f6a89d38b
SHA1: 017f0e8f41ed82f9dbeabe69a4028c0d65a6f275
SHA256: ff45915aae8dd4f108c9fb9c8f4c0efa4e9f0ce493c4aef438dc9ef15e5b98b8
SHA512: 61cd49ddc41bda6fb6ba5e318d3a81df0a45732aad8b9d9addb73aa6247cd35d5e5abdc5c62acc0408e869324c35559f65703b1d9c6f263d17b971658395fa45
SSDEEP: 1536:GNx/uy8MHLcLRNxSzyjEwzGi1dDSDMgS:GNNBHLclNkzbi1dsl
Malware Config
Extracted
njrat
0.7d
ggg
hakim32.ddns.net:2000
2.tcp.eu.ngrok.io:14473
154b2cd7f28be006defb448e04cd5586
reg_key: 154b2cd7f28be006defb448e04cd5586
splitter: |'|'|
Signatures
Njrat family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource kadick.exe
Files
kadick.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ