General

  • Target

    14c4e906889f3571e4948a5d5ae96a33.bin

  • Size

    10KB

  • MD5

    bc64fb77b94783f50bcea55904c9da06

  • SHA1

    3da4ca57c4de3ae679c782106c137acb1d54849f

  • SHA256

    7a38357b14d153332eb806b1aa00500a75508575133ed1ca471e2af3d3169f26

  • SHA512

    cf8aae29c6161a4c394eb9afbd1cb6327c81303684e138bf9aa8788d7723a7906f10885078af82d7334623b334a24371ff8350851a7678f9e44bc6283604ed3c

  • SSDEEP

    192:XrbzL+jk3l8m+xH2k3rC+rNcLg2go9WmR+4KAjV9E1VJ5Lhn05ML6k28M98Bhq2c:n+jk3um+x37CIVLSGvnW5Mg9qc

Score
10/10

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

tesxnext.duckdns.org:9993

Mutex

9a2f49f03d144a2

Attributes
  • reg_key

    9a2f49f03d144a2

  • splitter

    @!#&^%$

Signatures

  • Njrat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 14c4e906889f3571e4948a5d5ae96a33.bin
    .zip

    Password: infected

  • ea0bca71a5a4b7e0e4dad6ccc64ffc2dc940e83d7ae54449e9bf6f3ed1ccc568.exe
    .exe windows x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections