Behavioral task
behavioral1
Sample
323b929dfecc1ad83c951e2ade801749abeebca666e77ec11672930a6e44d4d6.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
323b929dfecc1ad83c951e2ade801749abeebca666e77ec11672930a6e44d4d6.exe
Resource
win10v2004-20240412-en
General
-
Target
882c93ae598405b86eb8e8029613030dd50fc88f80984e0a43304851c1689755
-
Size
10KB
-
MD5
aafc2b17c34a1e7ccaa04f5800c1cc98
-
SHA1
b63605628fe3a3473de814fc188524c370674535
-
SHA256
882c93ae598405b86eb8e8029613030dd50fc88f80984e0a43304851c1689755
-
SHA512
20b995191f3de7d5f9398cb0cc74a11a1a4592776579bb9b10992ae00a212ba10e0778212bdac2002777edf8b34740d0af023cf0ced36717c607b3bdb9044d62
-
SSDEEP
192:KkKgxIEIJz4XwD4FwZB/RoApDCl6q5VqdsWzEPeQ:KREcMg9B5oApul5VqXIeQ
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
promesasalvaro1.duckdns.org:5553
b18c5b4032c046e
-
reg_key
b18c5b4032c046e
-
splitter
@!#&^%$
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/323b929dfecc1ad83c951e2ade801749abeebca666e77ec11672930a6e44d4d6.exe
Files
-
882c93ae598405b86eb8e8029613030dd50fc88f80984e0a43304851c1689755.zip
Password: infected
-
323b929dfecc1ad83c951e2ade801749abeebca666e77ec11672930a6e44d4d6.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 688B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ