Behavioral task: behavioral1
Sample: 2toned (1).exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 2toned (1).exe
Resource: win10v2004-20240508-en
General
Target: 2toned (1).exe
Size: 93KB
MD5: 0f7ded44b2e9ae305f705b553bbb103a
SHA1: f59500f7b2ab7349d3d4642ce62d34733c30cef7
SHA256: 2fe3787ef46112ec56659f0476410355318fb5a079f7af4996966191eeb83948
SHA512: 78e56c6a96d4b01a61ab726cb549505edb431e8601064d59e9719c3b1276a3ef9ba047af9f7c2196f92b3d1f32e7185bc58fb9195efabb87b286224556b4ae71
SSDEEP: 1536:tl4gCxdKt75sOTjonrzGVjEwzGi1dDhDsgS:tladKDhT4rzGii1dVF
Malware Config
Extracted
njrat
0.7d
HacKed
hakim32.ddns.net:2000
127.0.0.1:5552
9c1a3429b23fb7424c45639b3d5e9adf
reg_key: 9c1a3429b23fb7424c45639b3d5e9adf
splitter: |'|'|
Signatures
Njrat family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 2toned (1).exe
Files
2toned (1).exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ