njrat | 12d3e11ae0227e8182db020a1f875b67[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

12d3e11ae0227e8182db020a1f875b67.bin
Size

10KB
MD5

664fdc3d727ca86c17bc2b5f2ef2d2ef
SHA1

f234769b2a4a70a94514ef7c8479b8a0f71b9f3b
SHA256

fb554c71f5880936e9b0819f03c871aa44bcf6ff0e931da8d990c72083b3c953
SHA512

937811a3eb735fe4864e86704b40981576ae592b1205727ca30145811558f3b165303337be4d74e70cd63d81a63583b2b1fc226006f6a5509ad8368348f6121c
SSDEEP

192:0IO3SOCgDpZq7t10aqFMtnLNmLPtkhP6wc+IfU5GirnzkIICb0oW:83FDL41gFMrmag+IfUEi5BW

Score

10^/10

nyan cat njrat

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

rusia.duckdns.org:1994

Mutex

5e13091123

Attributes

reg_key
5e13091123
splitter
@!#&^%$

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ba1c1884ec9bc5326e183aa6a6f31a7f0f3a78f0ae04a5d13aba1eba1ac3448e.exe

Files

12d3e11ae0227e8182db020a1f875b67.bin
.zip

Password: infected
ba1c1884ec9bc5326e183aa6a6f31a7f0f3a78f0ae04a5d13aba1eba1ac3448e.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ