Malicious

5d0bbf2f33707309f0c846593b0021c2

PE Executable | MD5: 5d0bbf2f33707309f0c846593b0021c2 | Size: 56.32 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Low

Hash
Hash Value
MD5
5d0bbf2f33707309f0c846593b0021c2
Sha1
2c734198febcd83d26b04868abdc068c815bf7af
Sha256
6aee0062acb2af56cd9c456db134478922a7755fe27d9bc58583b58d72d6e9b7
Sha384
9b67c9d265da913b5c746174dc5cd9ee1c12a4e91eba7f19fbab643f8d1733cb37383af8aec34ec08b717ded84745cd1
Sha512
fef56c1f5823a844f2c3c2670ddb915760e332ea2b54c7f785da895ea69b2aaacedec36a94fa1cbe38e6c0c504e87cb770bc24f5ac82bb2af90269a3a3cf60b0
SSDeep
1536:lpoADn8fLNG/SbTKDD3wsNMDPXExI3pm7m:8ADncsqb2DD3wsNMDPXExI3pm
TLSH
FC432845BFEA4A01E2BC8F3468F655150634BA63E932EB1E8CD568DB17327C58C40FE6

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
Config. Field: Value
packet_size [b]: 5121
BD [BD]: False
directory [DR]: TEMP
executable_name [EXE]: dllhost.exe
cnc_host [H]: j4gn7dcux.localto.net
is_dir_defined [Idr]: False
Anti_CH: False
is_startup_folder [IsF]: False
USB_SP: False
is_user_reg [Isu]: True
cnc_port [P]: 8122
reg_key [RG]: ff7eab7e5c4bb5a7d2e2cc013d323396
reg_path [sf]: Software\Microsoft\Windows\CurrentVersion\Run
victim_name [VN]: Nigga
version [VR]: <- NjRAT 0.7d Horror Edition ->
splitter [Y]: Y262SUCZ4UJJ
MSGE: Disabled
MSGT: Sisteminde Zenciler oturuyor
MSGB: Yumurta sisteminde iki zenci oturuyo kaç bence
MSGSYM: vbCritical
OBITO: Disabled
TSKE: Disabled
TSK: Nigga.exe
KAKASHI: Disabled
AKATSUKI: Disabled
CLEANSWEEP: Disabled
PASTEE: Disabled
PASTEBIN: https://pastebin.com/raw/???
CLIP: null
UAC: Disabled
nowifi: off

Informations
Name: Value
Info: PE Detect: PeReader OK (file layout)
Module Name: Stub.exe
Full Name: Stub.exe
EntryPoint: System.Void j.A::main()
Scope Name: Stub.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v2.0.50727
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Stub
Assembly Version: 0.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 539
Main Method: System.Void j.A::main()
Main IL Instruction Count: 2
Main IL: call System.Void j.OK::ko() ret <null>

Artefacts
Name: Value
CnC: j4gn7dcux.localto.net
Port: 8122
