njRAT,njRAT.07Green | acf17b69da3e

Classifications

Backdoor Keylogger

Threat Names

njRAT njRAT.07Green

Dynamic Analysis Report

Created on 2024-04-27T09:41:02+00:00

777.exe

Windows Exe (x86-32)

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\777.exe

Sample File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	37.00 KB
MD5	5bfdd6f255b2dae01d5c4659013cf60a
SHA1	5c13ff1330c95618545e0227ee5cc63abc54abd0
SHA256	acf17b69da3e82d40c98c9cb27c04d190a694a62113e764e8ebdf8ff08da2c37
SSDeep	384:IAG23hUidkGXR21cGMy8Pqq53tGFlymkirAF+rMRTyN/0L+EcoinblneHQM3epzl:ZG23ZLGv8Pqq58imHrM+rMRa8Nujlt
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

Verdict

Malicious

PE Information

Image Base	0x00400000
Entry Point	0x0040ABBE
Size Of Code	0x00008C00
Size Of Initialized Data	0x00000600
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2024-04-27 07:17 (UTC)

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x00008BC4	0x00008C00	0x00000200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	5.61
.rsrc	0x0040C000	0x00000240	0x00000400	0x00008E00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	4.97
.reloc	0x0040E000	0x0000000C	0x00000200	0x00009200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.08

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x00402000	0x0000AB8C	0x00008D8C	0x00000000

Memory Dumps (7)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
777.exe	1	0x00060000	0x0006FFFF	Relevant Image	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
buffer	1	0x048E8000	0x048EFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x0486A000	0x0486FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x0457E000	0x0457FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x001B6000	0x001BFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
777.exe	1	0x00060000	0x0006FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
777.exe	1	0x00060000	0x0006FFFF	Final Dump	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump

YARA Matches (1)

Rule Name	Rule Description	Classification	Score	Actions
njRAT	njRAT	Backdoor	5/5	... Actions Show Ruleset Show Match

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".

Before

After

WHOIS Domain Information

Screenshot

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information