njrat | xcdtTzO4LFYE[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

xcdtTzO4LFYE.exe
Size

32KB
MD5

c0843930e4ea7d34e5f59d0b7d7fde04
SHA1

4f24196573668330939b3a03daa51cd1be266af9
SHA256

9226ade19f95880e38c541b1971719ae8312217c4565d52097b60b3ec4e89854
SHA512

357ec7be7668d01fcb3248bd5f51b6e6f85739a87ab558a1ea457b2ae4c853221f1aa6a1b618c18c9484b410567b27622d6014fe7847658a4f55835f25af2777
SSDEEP

384:G0bUe5XB4e0X2OSSCixBr/Q9WTKtTUFQqzFVObbk:HT9BulS9ifrYjPbk

Score

10^/10

nyan cat njrat

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

promesasalvaro1.duckdns.org:5554

Mutex

14f2e369028146

Attributes

reg_key
14f2e369028146
splitter
@!#&^%$

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
xcdtTzO4LFYE.exe

Files

xcdtTzO4LFYE.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ