njrat | xH9gjpK4z9CH[.]exe | Triage

Sharing

General

Target

xH9gjpK4z9CH.exe
Size

32KB
MD5

6e9b2a30ae29b10a5a28b529ad4b4835
SHA1

0602ebfd273f261b57b30f6d054cad3c2a4c2e5c
SHA256

973890d4fb566bcd7ab7a680d0859e89b916c4b9e2cb65613339cedc50e5a90c
SHA512

38ab6857c385360504772f9e59e8577a16fe3eb4af36a6091df00f58fa101312b03d17cf6a61f03b178a3f9679c665b97da1ddc51c9f47eae99691a8929df945
SSDEEP

384:w0bUe5XB4e0XuOtkQq1pvmufCsIsMWT8tTUFQqz9zObbU:1T9ButuQqvvmu651bU

Score

10^/10

nyan cat njrat

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

promesasalvaro1.duckdns.org:5557

Mutex

373ba4d5d1814906b

Attributes

reg_key
373ba4d5d1814906b
splitter
@!#&^%$

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
xH9gjpK4z9CH.exe

Files

xH9gjpK4z9CH.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ