Malicious

6de60fa5130454a0eff066650d0d30d8

PE Executable | MD5: 6de60fa5130454a0eff066650d0d30d8 | Size: 24.06 KB | application/x-dosexec

Characteristics
Hash      Hash Value
MD5       6de60fa5130454a0eff066650d0d30d8
SHA1      36d3b9d7066d42f6dd79f73cae6c2858a3664b3e
SHA256    1013bc677e8519b0a53b49e311a3360e2a27f54e9a051f253d45d6a5204e906f
SHA384    accf0526f39e3a7cf4f2d63c67f34f237edd976a5f63a1f519e0987884aeced8ae26ca60bd6609e013ab35d1ab22c2fa
SHA512    74ef47a2e01384e6e74442c85435a2e45c7f316c752ee0b0398bae18876a9fcd144bde0abfa98a50f3f6a4a4e3d87b27f469df4e63e66f449037db4425937b89
SSDeep    384:pweXCQIreJig/8Z7SS1fEBpng6tgL2IBPZVmRvR6JZlbw8hqIusZzZF9:OLq411eRpcnu0
TLSH      35B21B4E3FB98856C5AC17748AA5965003B4D1870423EE2FCCC550CBAFB3ADA5D4CAF9

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
6de60fa5130454a0eff066650d0d30d8
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
Config. Field              Value
victim_name [VN]           HacKed
version [VR]               0.7d
executable_name [EXE]      server.exe
directory [DR]             TEMP
reg_key [RG]               c9db695a09a2cec507fb4c0fc45e4696
cnc_host [H]               103.245.167.123
cnc_port [P]               25565
splitter [Y]               |'|'|
BD [BD]                    True
is_dir_defined [Idr]       True
is_startup_folder [IsF]    False
is_user_reg [Isu]          False
reg_path [sf]              Software\Microsoft\Windows\CurrentVersion\Run
packet_size [b]            5121

Information
Name                         Value
Module Name                  j.exe
Full Name                    j.exe
EntryPoint                   System.Void j.A::main()
Scope Name                   j.exe
Scope Type                   ModuleDef
Kind                         Windows
Runtime Version              v2.0.50727
Tables Header Version        512
WinMD Version                <null>
Assembly Name                j
Assembly Version             0.0.0.0
Assembly Culture             <null>
Has PublicKey                False
PublicKey Token              <null>
Target Framework             <null>
Total Strings                214
Main Method                  System.Void j.A::main()
Main IL Instruction Count    2
Main IL                      call System.Void j.OK::ko() ret <null>

Artefacts
Name                                 Value
CnC                                  103.245.167.123
Port                                 25565
Embedded Resources                   0
Suspicious Type Names (1-2 chars)    3

Artefacts
Name                                 Value                          Location
CnC                                  103.245.167.123 (Malicious)    6de60fa5130454a0eff066650d0d30d8
Port                                 25565 (Malicious)              6de60fa5130454a0eff066650d0d30d8
Embedded Resources                   0                              6de60fa5130454a0eff066650d0d30d8
Suspicious Type Names (1-2 chars)    3                              6de60fa5130454a0eff066650d0d30d8
