Behavioral task
behavioral1
Sample
bT6q.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
bT6q.exe
Resource
win10v2004-20231215-en
General
-
Target
bT6q.exe
-
Size
32KB
-
MD5
61c272a9360a04c49a20c70539ee7d6b
-
SHA1
9d044d975232827e20d8b540b20938f4d81d3572
-
SHA256
1033deb03fd79ce8fcd5908e9530d4cde4c3743685787a831e22c148487bb719
-
SHA512
6c56718d31cf756a218db24688d7fe2b5f4b7c0c7899fd9335caa79934c8ec14763d9166b6a50bfde1c01087759796aef9f41168d0907a0074c45fabf35f675d
-
SSDEEP
384:N0bUe5XB4e0X7OxZggUBZIGjWTvtTUFQqzFDObbZ:eT9BuCzggUBZId9bZ
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
patria.duckdns.org:1994
84aa300ad783
-
reg_key
84aa300ad783
-
splitter
@!#&^%$
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource bT6q.exe
Files
-
bT6q.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 680B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ