Behavioral task
behavioral1
Sample
908225291224a1234122a141319807eba04040d97a311c0c0eacbb5591ff53fd.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
908225291224a1234122a141319807eba04040d97a311c0c0eacbb5591ff53fd.exe
Resource
win10v2004-20241007-en
General
-
Target
908225291224a1234122a141319807eba04040d97a311c0c0eacbb5591ff53fd
-
Size
29KB
-
MD5
a3bebd489a0b4c4dce0673ef8b6b6754
-
SHA1
1767b75bb4a4d5dd8f4b06589b4544b89b774aa9
-
SHA256
908225291224a1234122a141319807eba04040d97a311c0c0eacbb5591ff53fd
-
SHA512
9d977a226f9b9ec2037d5bf272857a662af637ceb9b319d1fb048a923b29a893d01c3799f20595e3fb2fdb1eec96a82b26a69467b74791fa614d013306bba51d
-
SSDEEP
384:Y7hkrLGN8fNl7L5H4yAyr9n95/K4ZoumqDYcqeYtGBsbh0w4wlAokw9OhgOL1vYB:Y67R4yAy944Aq1qe5BKh0p29SgRN5
Malware Config
Extracted
njrat
0.6.4
HacKed
192.168.1.107:2278
b3d7ad373951cd040fb05f6d6f5bf314
-
reg_key
b3d7ad373951cd040fb05f6d6f5bf314
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 908225291224a1234122a141319807eba04040d97a311c0c0eacbb5591ff53fd
Files
-
908225291224a1234122a141319807eba04040d97a311c0c0eacbb5591ff53fd.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ