Malicious
Server.exe
PE Executable | MD5: 909fbd519f838c87b3403344147c1f11 | Size: 24.06 KB | application/x-msdownload
PE Executable
MD5: 909fbd519f838c87b3403344147c1f11
Size: 24.06 KB
application/x-msdownload
RAT
njRat
Executable
PE (Portable Executable)
Win 32 Exe
x86
Infection Chain
Summary by MalvaGPT
Characteristics
|
Hash | Hash Value |
|---|---|
| MD5 | 909fbd519f838c87b3403344147c1f11
|
| Sha1 | 35bc85268b3ab5a6010ddb7c07a87e863c36e359
|
| Sha256 | bdd6970832d288612d972f77ca462f48cb8b761a7dfc2f94624c08efd802c3b3
|
| Sha384 | 6a7a1611662f3a538277ce2c9014755b4ea8634ee29698fab560c89aa0b85007845acc3c9bd590935728185d9328fbe7
|
| Sha512 | 4bd2a1f34812f926553338e725a6ef018a43b9c39b369f9b7ddf987c3067413b8d36d7637e3a0077cf2695abb46a35b6da0a709410dabefe77a2b3c44b8290b9
|
| SSDeep | 384:Pieop9oS+2pRURIXIRHVSuV+MX9w6Dglo61ZhXDVmRvR6JZlbw8hqIusZzZQY5hy:Ppof9pnIP1VkYRpcnurIo
|
| TLSH | 02B21A4E3FA98866D4AC177486A6965003B091470423EE2FCCC964DBAFB37D91D4CBF9
|
PeID
.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Server.exe
RAT
njRat
Executable
PE (Portable Executable)
Win 32 Exe
x86
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
|
Config. Field0 | Value |
|---|---|
| victim_name [VN] | ょ贼开ם |
| version [VR] | 0.7d |
| executable_name [EXE] | م‚‡è´¼ه¼€×م‚؟م‚®م‚؟م‚·م‚³مپژ.exe |
| directory [DR] | TEMP |
| reg_key [RG] | d75c6a1548de1ae3ac0e45069e6ec8ee |
| cnc_host [H] | mood.uncofig.com |
| cnc_port [P] | 5552 |
| splitter [Y] | |'|'| |
| BD [BD] | False |
| is_dir_defined [Idr] | True |
| is_startup_folder [IsF] | True |
| is_user_reg [Isu] | True |
| reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
| packet_size [b] | 5121 |
Artefacts
|
Name0 | Value |
|---|---|
| CnC | mood.uncofig.com |
| Port | 5552 |
Server.exe (24.06 KB)
File Structure
Server.exe
RAT
njRat
Executable
PE (Portable Executable)
Win 32 Exe
x86
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Characteristics
Malware Configuration - njRAT config.
|
Config. Field0 | Value |
|---|---|
| victim_name [VN] | ょ贼开ם |
| version [VR] | 0.7d |
| executable_name [EXE] | م‚‡è´¼ه¼€×م‚؟م‚®م‚؟م‚·م‚³مپژ.exe |
| directory [DR] | TEMP |
| reg_key [RG] | d75c6a1548de1ae3ac0e45069e6ec8ee |
| cnc_host [H] | mood.uncofig.com |
| cnc_port [P] | 5552 |
| splitter [Y] | |'|'| |
| BD [BD] | False |
| is_dir_defined [Idr] | True |
| is_startup_folder [IsF] | True |
| is_user_reg [Isu] | True |
| reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
| packet_size [b] | 5121 |
Artefacts
|
Name0 | Value | Location |
|---|---|---|
| CnC | mood.uncofig.com Malicious |
Server.exe |
| Port | 5552 Malicious |
Server.exe |
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.