Malicious

089d349e207ec8dd29015bdaaa873538

PE Executable | MD5: 089d349e207ec8dd29015bdaaa873538 | Size: 75.78 KB | application/x-msdownload

RAT
njRat
Executable
PE (Portable Executable)
Win 32 Exe
x86
.Net
SOS: 0.04

Characteristics

Symbol Obfuscation Score: Very low

Hash: Hash Value
MD5: 089d349e207ec8dd29015bdaaa873538
Sha1: 85dcc44cf45c35192f31ab904286cb553e64541a
Sha256: fc4ec627794ebf4776775aecb699ed72050b79df0c0f128d9513d40d3389874e
Sha384: 55bda137232313ace81371128b5eeab49097eebd539acd6b06f9d38526d8aed5fc6da70a8a085bec3b8f53d149441f23
Sha512: e425b4788927e14cf83c489aa41cd541a39a7a37b3ce248f2bc230070dca2164ff25cbfb5e8b31efbe2bdda3ca24650fcb7863b2531fe2c9d2dbef9dba9a109d
SSDeep: 768:QkWkk491twjrPSbWto5IrM+rMRa8Nuz+tH:fWkk491OjGbW+5T+gRJN0
TLSH: 8F732A497BE18568C4BD167B09B2D4320776EC4B5E23C90E9EE17D9F37732C18B50AA2

File Structure
Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
  Resources
    RT_ICON
      ID:0001
        ID:0
    RT_GROUP_CURSOR4
      ID:0001
        ID:0
    RT_MANIFEST
      ID:0001
        ID:0

Malware Configuration - njRAT config.
Config. Field: Value
packet_size [b]: 5121
BD [BD]: True
directory [DR]: AllUsersProfile
executable_name [EXE]: obs-camera-flip.exe
cnc_host [HH]: xntryz.thddns.net
is_dir_defined [Idr]: True
is_startup_folder [IsF]: True
is_user_reg [Isu]: True
NH [NH]: 0
cnc_port [P]: 6760
reg_key [RG]: 4df8451909be47184b4802149c74945e
reg_path [sf]: Software\Microsoft\Windows\CurrentVersion\Run
sizk: 20
victim_name [VN]: XNTRYZ
version [VR]: im523
splitter [Y]: |'|'|
HD: True
anti [anti]: Exsample.exe
anti2 [anti2]: False
usb [usb]: False
usbx [usbx]: svchost.exe
task [task]: True

Information
Name: Value
Module Name: w.exe
Full Name: w.exe
EntryPoint: System.Void w.A::main()
Scope Name: w.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v2.0.50727
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: w
Assembly Version: 0.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 338
Main Method: System.Void w.A::main()
Main IL Instruction Count: 5
Main IL:
  nop <null>
  call System.Void w.OK::ko()
  nop <null>
  nop <null>
  ret <null>

Artefacts
Name: Value
Port: 6760
Embedded Resources: 0
Suspicious Type Names (1-2 chars): 3
