njrat | xkzdRi6nGpg3[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

xkzdRi6nGpg3.exe
Size

32KB
MD5

12d3e11ae0227e8182db020a1f875b67
SHA1

ec4525cf7bd7b85e9fbd3101faf7dafaeb83424e
SHA256

ba1c1884ec9bc5326e183aa6a6f31a7f0f3a78f0ae04a5d13aba1eba1ac3448e
SHA512

6b4b5d773e43e0dc6668d361b16c2f414649320ee96e5ea22de132f17870fe002212f7a7324bd7ad8347917392319d934b164cae01941234818c90ef2399e379
SSDEEP

384:70bUe5XB4e0XLO3fw0Q0mS03AWTxtTUFQqzFbObbJ:4T9Buyo55d5bJ

Score

10^/10

nyan cat njrat

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

rusia.duckdns.org:1994

Mutex

5e13091123

Attributes

reg_key
5e13091123
splitter
@!#&^%$

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
xkzdRi6nGpg3.exe

Files

xkzdRi6nGpg3.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ