Behavioral task: behavioral1
Sample: 3584010af4c61f06ddedbc2d740c5c787ac08e62e00f6ec267cd73baef3b21f4.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 3584010af4c61f06ddedbc2d740c5c787ac08e62e00f6ec267cd73baef3b21f4.exe
Resource: win10v2004-20231215-en
General
Target: 3584010af4c61f06ddedbc2d740c5c787ac08e62e00f6ec267cd73baef3b21f4.exe
Size: 32KB
MD5: 560258045e1fd3080bf52e895fde2560
SHA1: a1acc7bb8e0ac62ed79ca9a1645e2f80c66e68e4
SHA256: 3584010af4c61f06ddedbc2d740c5c787ac08e62e00f6ec267cd73baef3b21f4
SHA512: a16533ce8b451082df45c02eeedc8838dfce0d6b38c0e3bf8f3488e192f6942786060a6ddffb80c22edbfe75c4d67f74e0f91ae8c7e24633c9ff063ffe8e0667
SSDEEP: 384:V0bUe5XB4e0XppOjfmiaXLilpknDEWTItTUFQqz9uObb6:2T9BuGjtaXWlhkb6
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
patria.duckdns.org:1995
9be7628ed206488eb4d
reg_key: 9be7628ed206488eb4d
splitter: @!#&^%$
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 3584010af4c61f06ddedbc2d740c5c787ac08e62e00f6ec267cd73baef3b21f4.exe
Files
-
3584010af4c61f06ddedbc2d740c5c787ac08e62e00f6ec267cd73baef3b21f4.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 680B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ