General

  • Target

    bT6q.exe

  • Size

    32KB

  • MD5

    61c272a9360a04c49a20c70539ee7d6b

  • SHA1

    9d044d975232827e20d8b540b20938f4d81d3572

  • SHA256

    1033deb03fd79ce8fcd5908e9530d4cde4c3743685787a831e22c148487bb719

  • SHA512

    6c56718d31cf756a218db24688d7fe2b5f4b7c0c7899fd9335caa79934c8ec14763d9166b6a50bfde1c01087759796aef9f41168d0907a0074c45fabf35f675d

  • SSDEEP

    384:N0bUe5XB4e0X7OxZggUBZIGjWTvtTUFQqzFDObbZ:eT9BuCzggUBZId9bZ

Score
10/10

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.7NC

  • Botnet

    NYAN CAT

  • C2

    patria.duckdns.org:1994

  • Mutex

    84aa300ad783

Attributes
  • reg_key

    84aa300ad783

  • splitter

    @!#&^%$

Signatures

  • Njrat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • bT6q.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

