General
-
Target
รันตัวนี้ก่อน.exe
-
Size
23KB
-
MD5
8369470b0f9366a47ef3298eb2308421
-
SHA1
704ea793e25020844150db3c06e41ab7240d2262
-
SHA256
9bb5e4126e8b4e604a0bc9f3754c571b5d3cd8c822e52c0a1e60c772fc46c968
-
SHA512
9aad4351281b571e77a7b55a6c318c3e6765117a03d23a55a22c0d8cb9cdca42642ec433a0fd273b98a1b209ea8368c82263f3bfc1e3efdd9ca79c848abe0976
-
SSDEEP
384:j8aSyS9gB3Y1KIay2X8cLZI6XgxsGJVPpmRvR6JZlbw8hqIusZzZ8F:o589tXvRpcnuL
Malware Config
Extracted
njrat
0.7d
hack
154.215.14.34:5552
4588331a18199575248c5678c4455a77
-
reg_key
4588331a18199575248c5678c4455a77
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource รันตัวนี้ก่อน.exe
Files
-
รันตัวนี้ก่อน.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ