njrat | 47e16f20263a881b3c927c540d7cb791[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

47e16f20263a881b3c927c540d7cb791.bin
Size

10KB
MD5

c5ab65cb1075b097a6ddfbd85c09273a
SHA1

b85b7888265dd8f1e9ede15442261464099b71d8
SHA256

822801a9d4be82dbe3c7df73a91fa7ea21485d947090f189cc6a585540a04c21
SHA512

9c95a2ce3255b6173786d1501b919d70a8e10b35cf3cff97e056f72f6448b7cb0bf39ef7c1df56a512898aa2de3c18cd76f2ecf87bc658a919d96f6e6d61b085
SSDEEP

192:SNXTEKTvGqocZkiGMUOUcZW3xXGf2CL44FBN1JetKGu0bIB:IZT+qoOqOUcZW3xXGfZ4uBN1nRCG

Score

10^/10

nyan cat njrat

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

seznam.zapto.org:5050

Mutex

f53b82852bd24b

Attributes

reg_key
f53b82852bd24b
splitter
@!#&^%$

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d3d7a380b5cb59c5f7793c552dcc32edfc2281af564172388883bc597856d514.exe

Files

47e16f20263a881b3c927c540d7cb791.bin
.zip

Password: infected
d3d7a380b5cb59c5f7793c552dcc32edfc2281af564172388883bc597856d514.exe
.exe windows:4 windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ