Behavioral task
behavioral1
Sample
x89FXkN44gPL.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
x89FXkN44gPL.exe
Resource
win10v2004-20231222-en
General
-
Target
x89FXkN44gPL.exe
-
Size
32KB
-
MD5
af62af34b7bd1a76326e4694dbd2b65a
-
SHA1
72419745dc9279dc81f39b534be84754ad9d33cb
-
SHA256
5079d77c36ad411dc614e579e28c2a95b96fc2372effd822f1c718fda39abb5a
-
SHA512
b95fc42ab1a7d085f80f734d34c0a8c604290ad7a7c20f07754716a6688dc1d2e2418ac71fef4b5fde084c8e16d594156ee8450fb11764b5579977a0b7f06bcc
-
SSDEEP
384:u0bUe5XB4e0XuORpQq1pvmufCsIspWTxtTUFQqz9aObbj:/T9ButrQqvvmu61obj
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
vbatallafinal23.duckdns.org:0101
5a1c382f7688415aa79
-
reg_key
5a1c382f7688415aa79
-
splitter
@!#&^%$
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource x89FXkN44gPL.exe
Files
-
x89FXkN44gPL.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 688B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ