Behavioral task
behavioral1
Sample
ea0bca71a5a4b7e0e4dad6ccc64ffc2dc940e83d7ae54449e9bf6f3ed1ccc568.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
ea0bca71a5a4b7e0e4dad6ccc64ffc2dc940e83d7ae54449e9bf6f3ed1ccc568.exe
Resource
win10v2004-20230703-en
General
Target
14c4e906889f3571e4948a5d5ae96a33.bin
Size
10KB
MD5
bc64fb77b94783f50bcea55904c9da06
SHA1
3da4ca57c4de3ae679c782106c137acb1d54849f
SHA256
7a38357b14d153332eb806b1aa00500a75508575133ed1ca471e2af3d3169f26
SHA512
cf8aae29c6161a4c394eb9afbd1cb6327c81303684e138bf9aa8788d7723a7906f10885078af82d7334623b334a24371ff8350851a7678f9e44bc6283604ed3c
SSDEEP
192:XrbzL+jk3l8m+xH2k3rC+rNcLg2go9WmR+4KAjV9E1VJ5Lhn05ML6k28M98Bhq2c:n+jk3um+x37CIVLSGvnW5Mg9qc
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
tesxnext.duckdns.org:9993
9a2f49f03d144a2
reg_key
9a2f49f03d144a2
splitter
@!#&^%$
Signatures
Njrat family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/ea0bca71a5a4b7e0e4dad6ccc64ffc2dc940e83d7ae54449e9bf6f3ed1ccc568.exe
Files
14c4e906889f3571e4948a5d5ae96a33.bin.zip
Password: infected
ea0bca71a5a4b7e0e4dad6ccc64ffc2dc940e83d7ae54449e9bf6f3ed1ccc568.exe.exe windows x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 744B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ