Behavioral task
behavioral1
Sample
a407ae1ed0a941a41d223a64cefd0baf5163bc4fd35b020d562b7cf3b83442b6.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
a407ae1ed0a941a41d223a64cefd0baf5163bc4fd35b020d562b7cf3b83442b6.exe
Resource
win10v2004-20241007-en
General
-
Target
a407ae1ed0a941a41d223a64cefd0baf5163bc4fd35b020d562b7cf3b83442b6
-
Size
37KB
-
MD5
8123fc137d73b3b92fc40be61af08ace
-
SHA1
b11168a1ad6d72808b176f0c889bfa220d13813e
-
SHA256
a407ae1ed0a941a41d223a64cefd0baf5163bc4fd35b020d562b7cf3b83442b6
-
SHA512
cf225e298886dc63584f7615891a3f4fc9773d4e2078a1363dba8547b1e85627b5bb5dcc18dbbcd51e3375bc18fb122ae4846bb92735d0c963ac0e9f71f56453
-
SSDEEP
384:eLExxTGARStybaVhonbUOgg5Ctc5EmAoiCWsWGac5LoaPGtvx93pMKm+M5hsTz6N:IExTyLhChggkdeWKacbOtbNqTYDYRD
Malware Config
Extracted
njrat
0.7d | By Brontok
Victim
spk.accesscam.org:55554
m9o1ocabbaxon9ndffebx7uutlcl49nl
-
reg_key
m9o1ocabbaxon9ndffebx7uutlcl49nl
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a407ae1ed0a941a41d223a64cefd0baf5163bc4fd35b020d562b7cf3b83442b6
Files
-
a407ae1ed0a941a41d223a64cefd0baf5163bc4fd35b020d562b7cf3b83442b6.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ