Malicious

5e9c21e3a5540f54fe5da69948859089

PE Executable | MD5: 5e9c21e3a5540f54fe5da69948859089 | Size: 32.26 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Low

Hash: Hash Value
MD5: 5e9c21e3a5540f54fe5da69948859089
Sha1: 4febd2c340bc6b6b572e48c2c57846ddbe88c59e
Sha256: 85054678344fc1788233d45cb5e882d8442191481107f2114bb73eda1ce6257d
Sha384: 054496ec386a0aff018ba088006ab1869cf344e5f1ed81ac4cac1700e982f85d2f3bb1b6cb4781476b94faa124a380fe
Sha512: a1fb795194dc78dbcf78090ffd093cec335589d38b2e7d27465f533896f23bec9f32db1cf7a908b46d1856b4df4f8ad69451283f251b6322b0129b69483838f6
SSDeep: 768:8XbEHBZhjzOzx5+RuuLVu5637A9ihinv4dQmIDUu0tiGgj:HD6Yu+A9ih68QVkmj
TLSH: 34E22CADFBEA4466D1BC1AB50571950013B4D103E523FB7E4ECB24A62B6B3D84B84DF2

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
Config. Field: Value
packet_size [b]: 5121
BD [BD]: False
directory [DR]: TEMP
executable_name [EXE]: WindowsServices.exe
cnc_host [H]: 8scom.link
is_dir_defined [Idr]: False
Anti_CH: False
is_startup_folder [IsF]: True
USB_SP: True
is_user_reg [Isu]: True
cnc_port [P]: 443
reg_key [RG]: 9540f0fe1cd2f635023b5036b8c36ebd
reg_path [sf]: Software\Microsoft\Windows\CurrentVersion\Run
victim_name [VN]:
version [VR]: 0.7d
splitter [Y]: Y262SUCZ4UJJ

Information
Name: Value
Info: PE Detect: PeReader OK (file layout)
Module Name: Stub.exe
Full Name: Stub.exe
EntryPoint: System.Void j.A::main()
Scope Name: Stub.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v2.0.50727
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Stub
Assembly Version: 0.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 241
Main Method: System.Void j.A::main()
Main IL Instruction Count: 4
Main IL: nop <null> call System.Void j.OK::ko() nop <null> ret <null>


Artefacts
Name: Value, Location
CnC: 8scom.link (Malicious), location: 5e9c21e3a5540f54fe5da69948859089
Port: 443 (Malicious), location: 5e9c21e3a5540f54fe5da69948859089
