Behavioral task
behavioral1
Sample
fb8ccba3d2d160e131c23b741394c019decda9624ee10a4bf27a20fc3391b9b6.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
fb8ccba3d2d160e131c23b741394c019decda9624ee10a4bf27a20fc3391b9b6.exe
Resource
win10v2004-20240802-en
General
-
Target
ebc00fba1ae6fca850df2e602336ff40.zip
-
Size
19KB
-
MD5
704143aaf362c3c989a0c0c9eab5b7e7
-
SHA1
806cee37e82d8875043d3b9de43019ad83b5a291
-
SHA256
79740721f44c5fdc93f7a347ac50fac2876e262d9c01e5d8a13cce7b2f401af0
-
SHA512
05c354e12e4ec838f917d719047e5618236bb2f8cefe5ded27837a4d3dac532fe2f820c8cbd9602060636136a316ed32b3267941f193f368efcefdbbb2ea04aa
-
SSDEEP
384:k9KyRfuCg5RK9FTFL1fLbPssJ/bAo0LMWrg/LlGhjIJ1342RL+d:2r+5wnrf7b8LMn/LoSn420
Malware Config
Extracted
njrat
1.9
HacKed
Microsoft.Exe
-
reg_key
Microsoft.Exe
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/fb8ccba3d2d160e131c23b741394c019decda9624ee10a4bf27a20fc3391b9b6
Files
-
ebc00fba1ae6fca850df2e602336ff40.zip.zip
Password: infected
-
fb8ccba3d2d160e131c23b741394c019decda9624ee10a4bf27a20fc3391b9b6.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ