Behavioral task
behavioral1
Sample
bf373574d290ce64aea2f8fd6e7075b0106b33206457f33d618d53e8ae481643.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
bf373574d290ce64aea2f8fd6e7075b0106b33206457f33d618d53e8ae481643.exe
Resource
win10v2004-20240508-en
General
Target: bf373574d290ce64aea2f8fd6e7075b0106b33206457f33d618d53e8ae481643.exe
Size: 32KB
MD5: 586aef0f1cdbfe27b87a3950f6455013
SHA1: e720397ab8c44d50a7fb9597442896acf4668c55
SHA256: bf373574d290ce64aea2f8fd6e7075b0106b33206457f33d618d53e8ae481643
SHA512: df0a2e39d935154191a2b28e9dff2317297aed2ac2bc1641c7fed15298a9ce51134f8c5b7fd9217060518ef3766f5fb83c6de8bcbb369527f4227342adcc9ed6
SSDEEP: 384:k0bUe5XB4e0XOOVcVSjgkMeWTQtTUFQqz9uqObbg:hT9BuN6VSjeetJbg
Malware Config
Extracted
njrat
0.7NC
NYAN CAT
nuevos2024.duckdns.org:2054
797837af7f
reg_key: 797837af7f
splitter: @!#&^%$
Signatures
-
Njrat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource bf373574d290ce64aea2f8fd6e7075b0106b33206457f33d618d53e8ae481643.exe
Files
-
bf373574d290ce64aea2f8fd6e7075b0106b33206457f33d618d53e8ae481643.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ