Behavioral task
behavioral1
Sample
1.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
1.exe
Resource
win10v2004-20241007-en
General
-
Target
1.exe
-
Size
55KB
-
MD5
ac8733a16862797fe27d86a080a46cce
-
SHA1
4884cd013329a1b434f2ec8906223ef96b89d00c
-
SHA256
585de753d93fcfd637af3d7c9814bd9dd42f733d3167a25f420bed3f075cf0f7
-
SHA512
a142f852fcb4cc7067738e71df8e286060888142cc2924f006c2a9e8d154998c6f171a94ba89355847641375307d0562087e486819defb679ecb2b0fe533671c
-
SSDEEP
768:ZVbHFOt1MankGn2NsW6ingB3wkkSNOmwFvfu0YMDHPsAL7XJSxI3pmwm:ZVZcDn4NsRinqtDDwsNMD3XExI3pmwm
Malware Config
Extracted
njrat
<- NjRAT 0.7d Horror Edition ->
Victim
november-knife.gl.at.ply.gg:31521
11ebedf6aaa70ff2ab1151cb697977f2
-
reg_key
11ebedf6aaa70ff2ab1151cb697977f2
-
splitter
Y262SUCZ4UJJ
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1.exe
Files
-
1.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 53KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ