Malicious

89c633e2dc2d8dab388e95fa26af9e77

PE Executable | MD5: 89c633e2dc2d8dab388e95fa26af9e77 | Size: 56.32 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Low

Hashes

MD5: 89c633e2dc2d8dab388e95fa26af9e77
SHA-1: 54c57a3a86ea8b5df00ece988ce8400ce5e3fc4c
SHA-256: 347e17e0cd18a42580f88ee2b4775ec5cab9df30e994fb8f01df8ed02f7d7bc1
SHA-384: 02c5e583aab2cf6dd88bcb0c627c8b6deb28ab6e47a02c2212f342d11703de06470459142064301808b74abfbe8abade
SHA-512: bc1636c1c1cf5ca382d3cd2902f8b16ebe832a14778a4e72ea216d10e593c9b007710be9b858994138c34650ecb7925fc9456df9d2f8f9963ca5148b304c410a
SSDeep: 1536:v7ZMDnE4uNhty4XgNxtD9wsNMD3XExI3pmDm:FMDnlIk4XotD9wsNMD3XExI3pm
TLSH: 82431744BFEA4A01E2BD8F3468F655150634BA63E532EB1F88D668DB17327C58C40FE6

PEiD signatures

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure

DosHeader
PE Header
Optional Header (x86)
Section Headers
  .text
  .rsrc
  .reloc
Resources
  RT_MANIFEST
    ID:0001
      ID:0
Malware Configuration - njRAT config

Config field [key]: value

packet_size [b]: 5121
BD [BD]: False
directory [DR]: TEMP
executable_name [EXE]: dllhost.exe
cnc_host [H]: l5ewog1zc.localto.net
is_dir_defined [Idr]: False
Anti_CH: False
is_startup_folder [IsF]: True
USB_SP: False
is_user_reg [Isu]: True
cnc_port [P]: 7826
reg_key [RG]: 3afc1f5be8c953236ee809471518fbfc
reg_path [sf]: Software\Microsoft\Windows\CurrentVersion\Run
victim_name [VN]: (empty on this page)
version [VR]: <- NjRAT 0.7d Horror Edition ->
splitter [Y]: Y262SUCZ4UJJ
MSGE: Disabled
MSGT: Hata (Turkish: "Error")
MSGB: Bu uygulamayı çalıştırmak için visual x64 gerekli (Turkish: "Visual x64 is required to run this application")
MSGSYM: vbExclamation
OBITO: Disabled
TSKE: Disabled
TSK: Wireshark.exe
KAKASHI: Disabled
AKATSUKI: Disabled
CLEANSWEEP: Disabled
PASTEE: Disabled
PASTEBIN: https://pastebin.com/raw/???
CLIP: null
UAC: Disabled
nowifi: off

Reading the configuration: the stub copies itself into the TEMP directory as dllhost.exe (a name chosen to blend in with the legitimate Windows binary of the same name), persists through a per-user Run value (is_user_reg is True, reg_path is the Run key, the value name is the reg_key string) and, because is_startup_folder is True, through the Startup folder as well, and connects to l5ewog1zc.localto.net on TCP port 7826. The .localto.net hostname appears to be a dynamic tunnel endpoint of the kind offered by free port-forwarding services, so the resolved IP belongs to the tunnel provider and can change without a rebuild; the hostname and, more durably, the build-time splitter string that delimits fields in every C2 message are the better indicators. The decoy error dialog (MSGT/MSGB, Turkish text) and the task-kill entry naming Wireshark.exe are present, but the flags that appear to enable them (MSGE, TSKE) are Disabled; the pastebin URL is a placeholder with no paste ID and PASTEE is Disabled, and the UAC and nowifi options are off.
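The following is an added example, not code from this page, from the analysis platform, or from njRAT itself. It uses the splitter, C2 host and port extracted above to reassemble and parse njRAT-style C2 frames from a TCP stream and to flag flows by either the host:port indicator or the content signature. Assumptions, also marked in the comments: the framing is the commonly documented njRAT layout of an ASCII decimal byte length, a NUL byte, then the payload with fields joined by the splitter; the field order used in the sample check-in is illustrative and not verified against this binary; all traffic below is constructed for the example, not captured.

```python
"""
njRAT-style C2 frame parser and flow detector built around this sample's
configuration.  Added example; not code from the page or from the malware.

Assumed framing (commonly documented for njRAT, not verified on this build):
    b"<decimal payload length>" + b"\x00" + <payload>
where the payload is a command token followed by fields joined by the
configured splitter.  Sample traffic below is constructed, not captured.
"""
from typing import Dict, List, Tuple

SPLITTER = "Y262SUCZ4UJJ"            # splitter [Y] from the extracted config
CNC_HOST = "l5ewog1zc.localto.net"   # cnc_host [H]
CNC_PORT = 7826                      # cnc_port [P]
MAX_LEN_DIGITS = 8                   # sanity cap on the ASCII length prefix

Frame = Tuple[str, List[str]]        # (command, fields)


def build_frame(command: str, fields: List[str], splitter: str = SPLITTER) -> bytes:
    """Encode one frame under the assumed framing (used to build test data)."""
    payload = splitter.join([command, *fields]).encode("utf-8")
    return str(len(payload)).encode("ascii") + b"\x00" + payload


def parse_frames(buf: bytes, splitter: str = SPLITTER) -> Tuple[List[Frame], bytes]:
    """Split a reassembled client->server byte stream into complete frames.

    Returns (frames, remainder).  A trailing partial frame comes back as the
    remainder so the caller can prepend it to the next segment.  Bytes that
    do not fit the framing stop parsing and are returned unparsed rather than
    being guessed at, so TLS or other binary traffic yields no frames.
    """
    frames: List[Frame] = []
    pos = 0
    while pos < len(buf):
        # The NUL terminating the length prefix must appear within a few bytes.
        nul = buf.find(b"\x00", pos, pos + MAX_LEN_DIGITS + 1)
        if nul == -1:
            break                              # prefix incomplete or absent
        length_bytes = buf[pos:nul]
        if not length_bytes.isdigit():
            break                              # not this framing; do not guess
        start = nul + 1
        end = start + int(length_bytes)
        if end > len(buf):
            break                              # payload not fully received yet
        payload = buf[start:end].decode("utf-8", errors="replace")
        parts = payload.split(splitter)
        frames.append((parts[0], parts[1:]))
        pos = end
    return frames, buf[pos:]


def looks_like_njrat(buf: bytes, splitter: str = SPLITTER) -> bool:
    """Content signature: at least one well-formed frame that carries the splitter.

    The splitter is fixed at build time, so it survives a change of C2 host
    (a tunnel hostname can be rotated cheaply); the host:port check alone
    would miss the rotated flow.
    """
    frames, _ = parse_frames(buf, splitter)
    return any(fields for _command, fields in frames)


def flag_flows(flows: List[Dict]) -> List[Tuple[int, str]]:
    """Return (index, reason) for flows that match the host:port indicator
    from the config or the framing-plus-splitter content signature.
    Each flow is {"dst_host", "dst_port", "payload"} with payload being the
    reassembled client->server bytes."""
    hits: List[Tuple[int, str]] = []
    for i, flow in enumerate(flows):
        if flow["dst_host"] == CNC_HOST and flow["dst_port"] == CNC_PORT:
            hits.append((i, "cnc host:port from config"))
        elif looks_like_njrat(flow["payload"]):
            hits.append((i, "njRAT framing with configured splitter"))
    return hits


# Constructed sample traffic (not a capture).  The "ll" check-in fields
# (victim id, hostname, user) are illustrative; their real order is assumed.
CHECKIN = build_frame("ll", ["VN_1A2B3C4D", "DESKTOP-01", "user"])
ACTIVE = build_frame("act", ["dGVzdA=="])
SAMPLE_FLOWS = [
    {"dst_host": CNC_HOST, "dst_port": CNC_PORT, "payload": CHECKIN + ACTIVE},
    {"dst_host": "198.51.100.7", "dst_port": 7826, "payload": CHECKIN},   # host rotated
    {"dst_host": "example.com", "dst_port": 443, "payload": b"\x16\x03\x01\x00\xa5\x01"},
]

if __name__ == "__main__":
    frames, rest = parse_frames(CHECKIN + ACTIVE + CHECKIN[:5])
    print(frames, rest)
    print(flag_flows(SAMPLE_FLOWS))
```

In a sensor this parser would be fed reassembled TCP data per direction; the remainder handling is what keeps it correct when a frame straddles two segments, and the digit check is what keeps it from misreading arbitrary binary as a length.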

Information (.NET module metadata)

Info: PE Detect: PeReader OK (file layout)
Module Name: Stub.exe
Full Name: Stub.exe
EntryPoint: System.Void j.A::main()
Scope Name: Stub.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v2.0.50727
Tables Header Version: 512 (0x0200, metadata tables version 2.0)
WinMD Version: <null>
Assembly Name: Stub
Assembly Version: 0.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 539
Main Method: System.Void j.A::main()
Main IL Instruction Count: 2
Main IL:
  call System.Void j.OK::ko()
  ret

The entry point is a two-instruction stub that hands control straight to j.OK::ko(), so the actual logic lives in that method. The assembly is unsigned (no public key), targets the v2.0.50727 runtime, and uses one- and two-letter namespace and type names (j, A, OK), so expect renamed identifiers when decompiling despite the Low obfuscation score.


Artefacts

CnC: l5ewog1zc.localto.net
Port: 7826
