Behavioral task
behavioral1
Sample
xaKdKZI3e9WD.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
xaKdKZI3e9WD.exe
Resource
win10v2004-20230703-en
General
-
Target
xaKdKZI3e9WD.exe
-
Size
32KB
-
MD5
e37c35d72029ee64e9b86adc6dfb53f6
-
SHA1
96c572d1c7813e821bcac26460a4b8777c4e7cf6
-
SHA256
e936c50b852c04e153e12893717f7ef6e059dbce99fe615243d1109c5cd1de66
-
SHA512
ba4884d732546668d1bd3d0f0b7372e4561063e3243eb7f1421962d43983e5704e9ebcf722403b0ae3fa6224500a7253c576f2064c6e2fb9aadc8e85e38f739a
-
SSDEEP
384:00bUe5XB4e0XGODB4GepWTvtTUFQqz97ObbbF:RT9BuVmDulbZ
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
tiagoodiaz.duckdns.org:1994
86a69f103ad
-
reg_key
86a69f103ad
-
splitter
@!#&^%$
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource xaKdKZI3e9WD.exe
Files
-
xaKdKZI3e9WD.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 704B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ