njrat | bTgf[.]exe | Triage

Sharing

General

Target

bTgf.exe
Size

32KB
MD5

8abbf7343d730cb8553d80e10b1e6531
SHA1

ee6e6f3aa8634578cf130a08abbddbb9931a11f0
SHA256

17425460080c57194359e19b4627563431bdbc26a80d706eafef39de8cf96298
SHA512

70359ba60773a2c16578cb62448ed0166c9b1a39ede8c56b1af50a3013966df92c03a719e6ddd81e9cbd3e4bc5da83d380da3e097d82e564075ed3d9dce20e25
SSDEEP

384:T0bUe5XB4e0XSOVcsw0Q0mS03AWTxtTUFQqzFtiCObbR:AT9BuR6555dIiBbR

Score

10^/10

nyan cat njrat

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

20.234.71.164:1021

Mutex

8c2168f63b0144098dd

Attributes

reg_key
8c2168f63b0144098dd
splitter
@!#&^%$

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bTgf.exe

Files

bTgf.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ