Behavioral task
behavioral1
Sample
35b85fa3d704f84a318b4fd3c79fd5e0de4d13a166ae2950878066651c02e412.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
35b85fa3d704f84a318b4fd3c79fd5e0de4d13a166ae2950878066651c02e412.exe
Resource
win10v2004-20240802-en
General
-
Target
35b85fa3d704f84a318b4fd3c79fd5e0de4d13a166ae2950878066651c02e412
-
Size
37KB
-
MD5
7bb7d53306c6f5fdd2ce65ef1d2f7dbb
-
SHA1
90028422f4d3ef115c30040ec06bd127e99bbfbd
-
SHA256
35b85fa3d704f84a318b4fd3c79fd5e0de4d13a166ae2950878066651c02e412
-
SHA512
6d6fca12927c0426ffc5c5f62d368448b62bc2787cdf93bba6dcc2566f474b5b7b21c3c99dad1b8c4431292a515f0f6c41ce74cc1f38d6af1f6fd7c199296556
-
SSDEEP
384:PJucP97LsikX9zNf/1uyU7/I3/9sWA7zrAF+rMRTyN/0L+EcoinblneHQM3epzXR:rPlil1lU7/I1dAnrM+rMRa8Nuskt
Malware Config
Extracted
njrat
im523
HacKed
ouss.freedynamicdns.net:1998
906b0c82e2fdcdc83089be513c894263
-
reg_key
906b0c82e2fdcdc83089be513c894263
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 35b85fa3d704f84a318b4fd3c79fd5e0de4d13a166ae2950878066651c02e412
Files
-
35b85fa3d704f84a318b4fd3c79fd5e0de4d13a166ae2950878066651c02e412.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ