Behavioral task
behavioral1
Sample
bPbd.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
bPbd.exe
Resource
win10v2004-20230703-en
General
-
Target
bPbd.exe
-
Size
32KB
-
MD5
5a7c6112d7a5b57754c4a7356363e4c1
-
SHA1
09aa3118bfec7c9ad065ca78bf4d124c28823dc6
-
SHA256
57ff04bbef6df7f5c65fdad2dd633ff532abde0f209b425fcf24c642c0ec899a
-
SHA512
26555e5192d24d9a3a697de404d6e97c0e3366ff0c73e38385d8ff4dec31fbfc0a024b6cf937a261699a83666f91825bedf344d5b702efef8544dea4fc2d96dc
-
SSDEEP
384:o0bUe5XB4e0XGOnjHdqlzkB8N/uWTHtTUFQqzFbqObb3f:dT9BuVrdKTgbv
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
4Mekey.myftp.biz:2411
398711e928c5489e834
-
reg_key
398711e928c5489e834
-
splitter
@!#&^%$
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource bPbd.exe
Files
-
bPbd.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 704B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ