Behavioral task
behavioral1
Sample
Client1.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Client1.exe
Resource
win10v2004-20220812-en
General
-
Target
Client1.exe
-
Size
32KB
-
MD5
9f1fef59301a288aea6a7bfc34926e31
-
SHA1
465a99fa8553759afd6711e0055c1f7c7dfce97e
-
SHA256
b5c7d7927b10416007f1752f95e972ca21bc6f4e3ecad0efbcd1b57591430b2e
-
SHA512
cc10847ce0e172dbad791b62e49d5445a7c0071c21d39ad61e06d3b767a3ad2853acb57bce54670fb3a77e865ba9890c5a4ddaeb75ecc37ec98d22f30d01e2e9
-
SSDEEP
384:Q0bUe5XB4e0XhObaSjgkM8WTCtTUFQqz9KObbS:VT9Bu4+SjeSIbS
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
nsdeck.duckdns.org:57829
66dd6e8e74
-
reg_key
66dd6e8e74
-
splitter
@!#&^%$
Signatures
-
Njrat family
Files
-
Client1.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ