Malicious

054426a39875392fd4e0a3e6283beb7e

PE Executable | MD5: 054426a39875392fd4e0a3e6283beb7e | Size: 2.65 MB | application/x-dosexec

Characteristics
Hash
Hash Value
MD5
054426a39875392fd4e0a3e6283beb7e
Sha1
33f5846ee243318de693a932e5fa990ea15754c7
Sha256
7c050e3828f0ff9ac1a579af5700479172243fefecd11499481a0da4a5669ab5
Sha384
dfdeb9c47f1a4b9d6ad73600f118bcb6a1d4649bf492d54a4b7ac2838ea94cef86b84f576317f86f6dc0477bdbee4537
Sha512
d0f71f20decad05eda0aa269f8023bb00314f7bd13eedd71b2fcaa121a4e34140f4eedfbbbc3811cc929dffa37a0856510c7696f59f5380bd3669f7fb54a0b54
SSDeep
49152:4XsTDGYCf05xC3wB+jORGmHIzSMa8dyBQRc8ZI4IU6i1d:i8Sa2wB+O6aIB8H+1d
TLSH
85C55C0FE69582F4C0BAD0749346F733AA327C894722795B17B05A11AFE5B905FACB07

PeID

Borland Delphi 7 - Nstd EP - ASL sign
MASM/TASM - sig4 (h)
Microsoft Visual C++ v6.0 DLL
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
CODE
DATA
BSS
.idata
.tls
.rdata
.reloc
.rsrc
Resources
RT_RCDATA
ID:0000
ID:0
[Authenticode]_1edcfca7.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.fptable
.rsrc
.reloc
Optional Header (x86)
Resources
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:1033-preview.png
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:000A
ID:1033
ID:1033-preview.png
ID:000B
ID:1033
ID:000C
ID:1033
ID:000D
ID:1033
ID:000E
ID:1033
ID:000F
ID:1033
RT_GROUP_CURSOR4
ID:0001
ID:1033
RT_VERSION
ID:0001
ID:1033
RT_MANIFEST
ID:0001
ID:1033
ID:0
.Net Resources
Stub.Resources.resources
Malware Configuration - njRAT config.
Config. Field: Value
packet_size [b]: 5121
BD [BD]: False
directory [DR]: TEMP
executable_name [EXE]: Install MullvadVPN.exe
cnc_host [H]: Ni50Y3मेuबीपीXUubmdyb2suaW8!
icn: #ic
is_dir_defined [Idr]: True
is_startup_folder [IsF]: True
RegistrySt: True
xDlol1: Java update
Sleep: False
Sleep1: 1
reg_key [RG]: Windows Update
task [Task]: True
reg_path [sf]: Software\Microsoft\Windows\CurrentVersion\Run
Hide: True
HP: True
SPR: false
victim_name [VN]: stepan
version [VR]: Njrat 0.7 Golden By Hassan Amiri
splitter [Y]: |Hassan|

Informations
Name: Value
Info: PE Detect: PeReader OK (file layout)

Artefacts
Name: Value
CnC: Ni50Y3मेuबीपीXUubmdyb2suaW8!

Malicious

Location: 054426a39875392fd4e0a3e6283beb7e > Resources > RT_RCDATA > ID:0000 > ID:0
