Behavioral task: behavioral1
Sample: db09709a85d82075be16e8b4810d04a14dc478d720dd8f5680d32d8afd02f3cc_JC.exe
Resource: win7-20230712-en

Behavioral task: behavioral2
Sample: db09709a85d82075be16e8b4810d04a14dc478d720dd8f5680d32d8afd02f3cc_JC.exe
Resource: win10v2004-20230703-en
General
Target: db09709a85d82075be16e8b4810d04a14dc478d720dd8f5680d32d8afd02f3cc_JC.exe
Size: 32KB
MD5: 3a5e863fd340ed83d844839092a57716
SHA1: 331c9bb86b83200609aa4b6d36ce9f30270bb123
SHA256: db09709a85d82075be16e8b4810d04a14dc478d720dd8f5680d32d8afd02f3cc
SHA512: 055a54cf506ede5caa25bc9f85e705f482b41e223688988e164ac6e459aab99d8055de93b8cf2465926b916488c64913c972b24146f13cfab06c1f820b84573c
SSDEEP: 384:a0bUe5XB4e0XypOjfmiaXLilpknDzWTPtTUFQqz9RObb7:DT9BunjtaXWlNLb7
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
tiagoodiaz.duckdns.org:5551994
df3365028c5e
reg_key: df3365028c5e
splitter: @!#&^%$
Signatures
Njrat family
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
Resource: db09709a85d82075be16e8b4810d04a14dc478d720dd8f5680d32d8afd02f3cc_JC.exe
Files
-
db09709a85d82075be16e8b4810d04a14dc478d720dd8f5680d32d8afd02f3cc_JC.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 680B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ