njrat | 5f492acf1e41b1c4da456ff6b0cc645511833321970998b1942dc5c4e957ab89

General

Target

5f492acf1e41b1c4da456ff6b0cc645511833321970998b1942dc5c4e957ab89
Size

10KB
MD5

b48912388851ed3101e6be701c656074
SHA1

621fdf82f564cfa82ec8bf1a7819a9d4488828b0
SHA256

5f492acf1e41b1c4da456ff6b0cc645511833321970998b1942dc5c4e957ab89
SHA512

3d278fe0dcd2ce5ace162440aa85a603a95f55ac55ecd1cc91adc7f589e4e160bb2f68efd399b8e3c6795c0b46350c733266e86f95139c09fc2bc24405bfc76b
SSDEEP

192:OY5jySOQmCgp1SH04qVST7RXny9FY/AUxfyspnyk7t8hkNlaCMJTjX:OuHXYSH4VSfRmFYoUxKsF7tcQyjX

Score

10^/10

nyan cat njrat

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

patria.duckdns.org:1995

Mutex

94f270a75dfc4c17a1a

Attributes

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ab23de5f1c097be589e6802a230a24c10e07f60f13214e1f011042f4e51061cf.exe

5f492acf1e41b1c4da456ff6b0cc645511833321970998b1942dc5c4e957ab89
.zip

Password: infected
ab23de5f1c097be589e6802a230a24c10e07f60f13214e1f011042f4e51061cf.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ