njrat | ea0f33e5f808a305140c29d84b8fbc561485df4ed142fd8fdf75a5ba7ddb0af9

General

Target

ea0f33e5f808a305140c29d84b8fbc561485df4ed142fd8fdf75a5ba7ddb0af9
Size

10KB
MD5

e45221a6b7a9226f680b5cb6d49341f4
SHA1

e2b35e170da68f5eff7a0e2098ba405acb3644c7
SHA256

ea0f33e5f808a305140c29d84b8fbc561485df4ed142fd8fdf75a5ba7ddb0af9
SHA512

b33107ff51cfe81a3b9167503295451f437614d053525803e31a15c05ef27906af8155e03154f99f1338ee4baa474c69f1b494eebd3fc17c8506e9055017e2fb
SSDEEP

192:ZxGSKla++qzT/1CKYDAmJAnjinF7iuX2AD8HXcGz:PluX+qzTdp/Xjkk3H

Score

10^/10

nyan cat njrat

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

serverupdated.duckdns.org:5552

Mutex

07779923a5f5469b839

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/8c66f7abae263de14d58d0d5ee7a1de69b98994eedcdcbbdef9ad2ffea22f475.exe

ea0f33e5f808a305140c29d84b8fbc561485df4ed142fd8fdf75a5ba7ddb0af9
.zip

Password: infected
8c66f7abae263de14d58d0d5ee7a1de69b98994eedcdcbbdef9ad2ffea22f475.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ