Behavioral task
behavioral1
Sample
b88ea99a578d819000485da4b80ee871488088804481dc91698986c0c90f7c9e.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
b88ea99a578d819000485da4b80ee871488088804481dc91698986c0c90f7c9e.exe
Resource
win10v2004-20241007-en
General
-
Target
b88ea99a578d819000485da4b80ee871488088804481dc91698986c0c90f7c9e
-
Size
24KB
-
MD5
9cf8c4a53d5e1c1646b07fd9a20f3df5
-
SHA1
5b6bf82acb11421e90cede493d99931b750f23cd
-
SHA256
b88ea99a578d819000485da4b80ee871488088804481dc91698986c0c90f7c9e
-
SHA512
f21bcb90dfb9db76e09323152ad8bf5bee9f3a07c403e05e4f99efc557a318782a04af2140d73cef0c54f8fc9b3680b4881a2867470ff4fafd1b2f726cab9851
-
SSDEEP
384:HcqbCK0l4h7o9SVyDGvENuh46/gJkOmMSW38mRvR6JZlbw8hqIusZzZt6bR:830py6vhxaRpcnun1
Malware Config
Extracted
njrat
0.7d
nesck
gfknoux.localto.net:3435
fda26501f9b381c7e35e3965cc3cee82
-
reg_key
fda26501f9b381c7e35e3965cc3cee82
-
splitter
|'|'|
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b88ea99a578d819000485da4b80ee871488088804481dc91698986c0c90f7c9e
Files
-
b88ea99a578d819000485da4b80ee871488088804481dc91698986c0c90f7c9e.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ