General
-
Target
2340-5-0x0000000000A40000-0x0000000000A4C000-memory.dmp
-
Size
48KB
-
MD5
1d351e7e75546071025e82bd2f9cadfe
-
SHA1
9ab9f19ec6f099f45b266ef024865662f224ed12
-
SHA256
22eda7aee80fe6a87908f3ed5838e39f1c2a05cb950bd3c472bcf6b64ab6ceeb
-
SHA512
5071330275a005259e71f638a22047edafb7bee3d21323406d3dbfbcdd4a5309df4b78faa431065ace574a47daeb30b2d54489045d24934f004bcfbe1dda97ed
-
SSDEEP
384:50bUe5XB4e0XGOfOLsw0Q0mS038WTptTUFQqzFBObbJ:CT9BuVk5555XbJ
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
seznam.zapto.org:5050
587285a8a9a841d
-
reg_key
587285a8a9a841d
-
splitter
@!#&^%$
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2340-5-0x0000000000A40000-0x0000000000A4C000-memory.dmp
Files
-
2340-5-0x0000000000A40000-0x0000000000A4C000-memory.dmp.exe windows:4 windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ