njrat | 1257aa3a7c4ebcab95cf00c54565becd[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1257aa3a7c4ebcab95cf00c54565becd.bin
Size

10KB
MD5

b30a0eb5cce430019b1754b5eb55e133
SHA1

e58a57e05448df4d1e51e072b056f563949eb27b
SHA256

311c7a5c2b9d3b90f50c70d33e8a3d9348042888fd03d5fdbadb971a44828e85
SHA512

cd5bfc09c6927095f7e62b8d950b41a85f77b853650acb1bed38aadbbf13138ca9e1f98a2276c4f647dd7b6ab938c6e17a4412008b86046f04662c41dd9e8aaa
SSDEEP

192:i0UWu65CoYwXIqVN0g9Y2PfjRbrdKQ5BYJO3H+ExZVCGJPAVktTER:i/XxZC5ftbxv5B+X9VktTER

Score

10^/10

nyan cat njrat

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

puertocol20.duckdns.org:2054

Mutex

5fc9c87faad4

Attributes

reg_key
5fc9c87faad4
splitter
@!#&^%$

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/91b1b82d19155a4028599299e72779af33147ef437bbe72055550fe8315ce8db.exe

Files

1257aa3a7c4ebcab95cf00c54565becd.bin
.zip

Password: infected
91b1b82d19155a4028599299e72779af33147ef437bbe72055550fe8315ce8db.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ