General

  • Target

    4832-164-0x0000000000400000-0x000000000040C000-memory.dmp

  • Size

    48KB

  • MD5

    74a387e3e423cebdd7eedc0ef7077510

  • SHA1

    7e1e28e02ec95b11d2e2469a9b34e000b5484a0c

  • SHA256

    c10c913e408a56256300e1a0979130a20c45b30f3899d3146df542ed17823845

  • SHA512

    1be19c63451adbb40f9c97723d994fd9146447a2b6bf22e04d8cc77ad747170d29499ae88856c713bb0028606fd198140227e797ddb63574ff75faea7dfca8c5

  • SSDEEP

    384:/0bUe5XB4e0X7Od+SjgkMcWTStTUFQqz9XObbG:0T9BuC8SjeChbG

Score
10/10

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

nj0509.duckdns.org:0509

Mutex

6ce9672712ba4490be

Attributes
  • reg_key

    6ce9672712ba4490be

  • splitter

    @!#&^%$

Signatures

  • Njrat family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 4832-164-0x0000000000400000-0x000000000040C000-memory.dmp
    .exe windows x86

