Behavioral task
behavioral1
Sample
d19a335a5b9e85775b76a691e2dbbdd4c85c2cc20e848a63575fbdcc18c17827.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
d19a335a5b9e85775b76a691e2dbbdd4c85c2cc20e848a63575fbdcc18c17827.exe
Resource
win10v2004-20240412-en
General
Target
49e2aa806c7546405443911340835b1002f5c65876a24231aa37899a16fd8337
Size
10KB
MD5
1a8d5e1824450d1d012290530e5e4d07
SHA1
5309b49a8aca57f7a36e46f6b4e42476de75ac2f
SHA256
49e2aa806c7546405443911340835b1002f5c65876a24231aa37899a16fd8337
SHA512
e4e0ccc6315eb4cdc76c82d8c4a60fab54804f2b98677e591cb31efe19f732ca4e1a1a24f3b763623dd5e70f2be90815c3f0943a4ea8b724566cf7ed53881914
SSDEEP
192:S5qb0fzMHrMCV2llHemV8s3PbSjbSz6tIR6r7O1iEe7cLv2oG91tORxPMi6y+Soa:vb078IcAFV8iab1tIR0Ua7cLv2oLUbDa
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
patria.duckdns.org:1995
37dec69be2ab4e078
reg_key
37dec69be2ab4e078
splitter
@!#&^%$
Signatures
Njrat family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/d19a335a5b9e85775b76a691e2dbbdd4c85c2cc20e848a63575fbdcc18c17827.exe
Files
49e2aa806c7546405443911340835b1002f5c65876a24231aa37899a16fd8337.zip
Password: infected
d19a335a5b9e85775b76a691e2dbbdd4c85c2cc20e848a63575fbdcc18c17827.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 688B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ