Behavioral task: behavioral1
Sample: x5rcnYdSS63I.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: x5rcnYdSS63I.exe
Resource: win10v2004-20230831-en
General
Target: x5rcnYdSS63I.exe
Size: 32KB
MD5: 7377cd7083dd08f6c896069b6e235525
SHA1: 3dd5b7405fdc95686a8aaf1fbb60b37f9f6482c0
SHA256: 37a9de85c77b7c0bcf5e7147ec294a3bb9158aff6a5b2aca6e98b11d33c4ae75
SHA512: b14fa6d7dfdfc5645d65dab251a144196e2f929db756d27e344a7e4c7d40efc03f83dd8a3350d4d11d0debabb15c922a07e06d42958df4f6c5115de6bf1d6065
SSDEEP: 384:f0bUe5XB4e0XfOZeANuiEO0YaBWTatTUFQqzFSObb8:UT9Bu2IguiEYqgb8
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
gremabenj.duckdns.org:3110
91724ed444764
reg_key: 91724ed444764
splitter: @!#&^%$
Signatures
- Njrat family
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource x5rcnYdSS63I.exe
Files
x5rcnYdSS63I.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 664B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ