Behavioral task
behavioral1
Sample
4ce97d20fdf83c2fac60b6660a08aaaab2f0e793fe9958cb2ab2c789e13c7a60.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
4ce97d20fdf83c2fac60b6660a08aaaab2f0e793fe9958cb2ab2c789e13c7a60.exe
Resource
win10v2004-20240412-en
General
-
Target
01fd2b700583f357de669ec7f301d6efe271c21d71353aa2d7d57870f91c1a41
-
Size
10KB
-
MD5
46ff9f14e16aef7b08d16c33ad2e38dd
-
SHA1
8d0183ffb2b8f6507031bd989c9334c23c0b9e5f
-
SHA256
01fd2b700583f357de669ec7f301d6efe271c21d71353aa2d7d57870f91c1a41
-
SHA512
7a574258e4b640e22e958e12f24388b27984746ebd10abe1d51a44fa28d001e5440d3d6fb9a82c9c97a1aae66a5cb882f4678ab21b7fb40890494ace7f57585f
-
SSDEEP
192:6GfF0JUcSnTTNxCBcNb4rwij4vawHUdp73upTR9:RF0UcuHAcOj4SwKV3yTR9
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
serverupdated.duckdns.org:5552
60f905afa1e84682bb
-
reg_key
60f905afa1e84682bb
-
splitter
@!#&^%$
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/4ce97d20fdf83c2fac60b6660a08aaaab2f0e793fe9958cb2ab2c789e13c7a60.exe
Files
-
01fd2b700583f357de669ec7f301d6efe271c21d71353aa2d7d57870f91c1a41.zip
Password: infected
-
4ce97d20fdf83c2fac60b6660a08aaaab2f0e793fe9958cb2ab2c789e13c7a60.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ