Behavioral task
behavioral1
Sample
bUHF.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
bUHF.exe
Resource
win10v2004-20240412-en
General
-
Target
bUHF.exe
-
Size
32KB
-
MD5
b47307545c821c03b617776a41df1741
-
SHA1
086f735fcd95e8d3608e22494ae3cadd4d9d7acb
-
SHA256
0f2be1e974ae7ee9be5354fbef333e105cce5c25473648e66a67269d560220f4
-
SHA512
3393fd1e427430e5ac3a8d40bef45bd26d0490d9184d4cbddb595efa1c6fc5ede427962d93c18710d554472c93d6e4dc42bb4c7bb6e987c305b9c43c3a0d2209
-
SSDEEP
384:z0bUe5XB4e0XvOxZggUBZIGlWT1tTUFQqzFBObbB:gT9BumzggUBZI5XbB
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
rusia.duckdns.org:1994
aed0817703934
-
reg_key
aed0817703934
-
splitter
@!#&^%$
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource bUHF.exe
Files
-
bUHF.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 680B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ