General

  • Target

    49e2aa806c7546405443911340835b1002f5c65876a24231aa37899a16fd8337

  • Size

    10KB

  • MD5

    1a8d5e1824450d1d012290530e5e4d07

  • SHA1

    5309b49a8aca57f7a36e46f6b4e42476de75ac2f

  • SHA256

    49e2aa806c7546405443911340835b1002f5c65876a24231aa37899a16fd8337

  • SHA512

    e4e0ccc6315eb4cdc76c82d8c4a60fab54804f2b98677e591cb31efe19f732ca4e1a1a24f3b763623dd5e70f2be90815c3f0943a4ea8b724566cf7ed53881914

  • SSDEEP

    192:S5qb0fzMHrMCV2llHemV8s3PbSjbSz6tIR6r7O1iEe7cLv2oG91tORxPMi6y+Soa:vb078IcAFV8iab1tIR0Ua7cLv2oLUbDa

Score
10/10

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

patria.duckdns.org:1995

Mutex

37dec69be2ab4e078

Attributes
  • reg_key

    37dec69be2ab4e078

  • splitter

    @!#&^%$

Signatures

  • Njrat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 49e2aa806c7546405443911340835b1002f5c65876a24231aa37899a16fd8337
    .zip

    Password: infected

  • d19a335a5b9e85775b76a691e2dbbdd4c85c2cc20e848a63575fbdcc18c17827.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections