Behavioral task
behavioral1
Sample
bOTj.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
bOTj.exe
Resource
win10v2004-20230703-en
General
-
Target
bOTj.exe
-
Size
32KB
-
MD5
d46f1f55a640e3ef3b694602a70e59ed
-
SHA1
cda09398a5611ab78cd16feea8c4dda9582b52af
-
SHA256
d6ad84287643e005e6a53037fbddd106b224524ad2b6157eee6445942cb6a954
-
SHA512
37f8fb38546355ea591a3e2ecb7596ced47068967cc88d950db72b928bf00f354256489e99aef190379f98f9e6bf37d84ff73063d954038a4fd88dba728c15a8
-
SSDEEP
384:g0bUe5XB4e0XmOnPw0Q0mS03AWTxtTUFQqzF0ObbZ:FT9Bu1I55dabZ
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
fortuna777.duckdns.org:1994
034a57ce3a384
-
reg_key
034a57ce3a384
-
splitter
@!#&^%$
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource bOTj.exe
Files
-
bOTj.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ