Behavioral task: behavioral1
Sample: Payload.exe
Resource: win10-20240404-en
Behavioral task: behavioral2
Sample: Payload.exe
Resource: macos-20240711.1-en
General
Target: Payload.zip
Size: 24KB
MD5: b7e5053c63a747fef10313dc94e15b57
SHA1: 2e6099c5d2de7f05072992a67c3304a48147bbdb
SHA256: 270ce36f6d56dc4cc4252d2a2c5b2cb2b240dc3d87c02068b072b1620ea4267e
SHA512: a46b0adae4b8b1d29fc334e1329d749ac4c7a636e4759ff383513a1fc37c841bab45a2ac46b7e5920da2210d2078f2dc7c275f0563353b02a8110457bbab8e31
SSDEEP: 768:804vHW67qjrgG9j9SZyfaMJMa2lhTfh6cbJ9uFtX3z1SaKgsv9:H4v260g2XYfbbJ9i539KF
Malware Config
Extracted
njrat
<- NjRAT 0.7d Horror Edition ->
Victim
tlkkyhm.localto.net:7608
6943dac507c43de133ee9a5ce32fd755
reg_key: 6943dac507c43de133ee9a5ce32fd755
splitter: Y262SUCZ4UJJ
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/Payload.exe
Files
-
Payload.zip.zip
-
Payload.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 53KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ