njrat | xlwuQNjwg68B[.]exe | Triage

Sharing

General

Target

xlwuQNjwg68B.exe
Size

32KB
MD5

5c17105bc706c20a5f518b6865a2fa95
SHA1

d408c53ad763f176d21e309725b56e00d7ac1901
SHA256

a68a0d1275a071e01436ccdfa2746c3a6849a108c8c4797b12178c0d2d2a5769
SHA512

44f61ecada5c6aee7abcb095cf424f621f357e743ab1ae413517fac106a585310cbfb811cb987d0644af54e765684b042c2b3b990295fa40968bde31aa771a14
SSDEEP

384:t0bUe5XB4e0XeOllpiaXLilpknD0WTgtTUFQqz9OObbm:+T9Bu9lKaXWlpMbm

Score

10^/10

nyan cat njrat

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

vbatallafinal24.duckdns.org :0101

Mutex

c9e5df3ad953438

Attributes

reg_key
c9e5df3ad953438
splitter
@!#&^%$

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
xlwuQNjwg68B.exe

Files

xlwuQNjwg68B.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ