njrat | 14e029610dfd025907385181f8b75dee_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

14e029610dfd025907385181f8b75dee_JaffaCakes118
Size

120KB
MD5

14e029610dfd025907385181f8b75dee
SHA1

710b6c6e19d31a1b16904476537aae661eda4db7
SHA256

8c04d14fb24726764ddf345550ba2aca6d9c9a548232273cd34132f05aac0a66
SHA512

4e0aaef8c96648772ce09c44339d9089cdd469243043b9f72fd6a007f6041e7e27776a333bb45fefed76e37a7add4ccd4a9b5eef7432dcfa0613653a0b4be356
SSDEEP

768:oMxTY60HP8hPjIKQ/pfiy0jrjSl6mVTRPat:ooj4EhUKQ/pfiy0jr2Mm7

Score

10^/10

nyan cat njrat

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

NYAN CAT

C2

picobis-20350.portmap.io:20350

Mutex

165d6ed988ac

Attributes

reg_key
165d6ed988ac
splitter
|'|'|

Signatures

Njrat family
njrat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14e029610dfd025907385181f8b75dee_JaffaCakes118

Files

14e029610dfd025907385181f8b75dee_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\tj\source\repos\hfjdkslfasdsd\hfjdkslfasdsd\obj\Debug\hfjdkslfasdsd.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ