njrat | 9ac552edfd3efac284b13c278deb3c6341bbb391b02ed6b1db5ef427de656e36[.]zip

General

Target

9ac552edfd3efac284b13c278deb3c6341bbb391b02ed6b1db5ef427de656e36.zip
Size

10KB
MD5

975c2225cc711e63fe303bcce61b698e
SHA1

c43c597d36c4241269a7110338552eff93947f78
SHA256

ff2746ec6bc160418760f749b5916b6decf414414fd8e21046a051346239a45c
SHA512

c4f0b24124fdb790fc29efa8e6293e430c65b718804d74013be3a5c858bad490bce89cead772add2a34a52473d88fab1d34e29b293bb5388290c5e64b4b12368
SSDEEP

192:a0wKRoR+fYjhkbpSvRpfLiaFeweMay3PELFlDRpByJz7gHs3k6rOvOImexf0wq/3:vRocYm1+RF+aGy64EsRrwfmK0w9e7

Score

10^/10

nyan cat njrat

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

servicios-cne.duckdns.org:2054

Mutex

23474e64527f

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9ac552edfd3efac284b13c278deb3c6341bbb391b02ed6b1db5ef427de656e36.exe

9ac552edfd3efac284b13c278deb3c6341bbb391b02ed6b1db5ef427de656e36.zip
.zip

Password: infected
9ac552edfd3efac284b13c278deb3c6341bbb391b02ed6b1db5ef427de656e36.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ