Behavioral task: behavioral1
Sample: bPdP.exe
Resource: win7-20230712-en

Behavioral task: behavioral2
Sample: bPdP.exe
Resource: win10v2004-20230703-en

General
Target: bPdP.exe
Size: 32KB
MD5: db762e1dae5b35fe09bd2dabe9d3ffc2
SHA1: 9c1ef383f9400335438589d8961c9ae767b5ced8
SHA256: 93cdc9b2f926d0016cfe88d3eca1baafbe9c376a0ccad2ee9e15d6d600f64def
SHA512: 30051a1fcb433a6b8c5fc08b2b5fae3ab057f989134a5db6951c1815a7758178ddc13ed1a58c5164a154b69e6ba9eea7768b606c9bcf630b6c9ba85c0934c778
SSDEEP: 384:tm0bUe5XB4e0XEpOjfrw0Q0mS03AWTxtTUFQqzFV3Obb9:lT9Bu1j855d6kb9

Malware Config
Extracted
njrat
0.7NC
NYAN CAT
resilencia2023.duckdns.org:2009
12ea3c8a238
reg_key: 12ea3c8a238
splitter: @!#&^%$

Signatures
Njrat family
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: bPdP.exe

Files
bPdP.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
  DLL Characteristics
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
    IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    IMAGE_DLLCHARACTERISTICS_NO_SEH
    IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_32BIT_MACHINE
Imports
  mscoree
    _CorExeMain
Sections
  .text   Size: 20KB - Virtual size: 17KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .rsrc   Size: 4KB - Virtual size: 672B
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
  .reloc  Size: 4KB - Virtual size: 12B
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_DISCARDABLE
    IMAGE_SCN_MEM_READ