njrat | a4e43b5b2605e7c9940502d2d3a67192[.]bin | Triage

Sharing

General

Target

a4e43b5b2605e7c9940502d2d3a67192.bin
Size

10KB
MD5

5b0445286d519eaedcd46c7cc73c8dbf
SHA1

1d628744b37a00150f8d314dfc6aa7ffd7701b55
SHA256

a7d021f95645b66d99857cadcbfc35821bfc7cab7e41c527e2572a0b5cb5bc50
SHA512

91c56d647c9aac5e32fe83ff367cf2191c0c81e0f39687fe7c9e83fa02ec578f604eb54a084ae3836127e799f2fbc7dad542119d636026ead9dc8bfba7eb7c83
SSDEEP

192:OYILzxvPa1PQpX9SeoeprXGObxpUh8GXjEm1RfR9J/8BYTrAnUEx1g:mxvPa1PyX9BXpSObMheuRfp0BkAn4

Score

10^/10

nyan cat njrat

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

20.234.71.164:1021

Mutex

c0381e54520e4

Attributes

reg_key
c0381e54520e4
splitter
@!#&^%$

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e5d52eb607a215419fcfeeb58a8ab61680da4cb480598de4bf4299624e19f4d4.exe

Files

a4e43b5b2605e7c9940502d2d3a67192.bin
.zip

Password: infected
e5d52eb607a215419fcfeeb58a8ab61680da4cb480598de4bf4299624e19f4d4.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ