Malicious
Malicious

Server.exe

PE Executable
|
MD5: 909fbd519f838c87b3403344147c1f11
|
Size: 24.06 KB
|
application/x-msdownload

RAT
njRat
Executable
PE (Portable Executable)
Win 32 Exe
x86

Print
General
Structural Analysis
Config.1
Yara Rules8
Sync
Insights
Community
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
Hash Value
MD5
909fbd519f838c87b3403344147c1f11
Sha1
35bc85268b3ab5a6010ddb7c07a87e863c36e359
Sha256
bdd6970832d288612d972f77ca462f48cb8b761a7dfc2f94624c08efd802c3b3
Sha384
6a7a1611662f3a538277ce2c9014755b4ea8634ee29698fab560c89aa0b85007845acc3c9bd590935728185d9328fbe7
Sha512
4bd2a1f34812f926553338e725a6ef018a43b9c39b369f9b7ddf987c3067413b8d36d7637e3a0077cf2695abb46a35b6da0a709410dabefe77a2b3c44b8290b9
SSDeep
384:Pieop9oS+2pRURIXIRHVSuV+MX9w6Dglo61ZhXDVmRvR6JZlbw8hqIusZzZQY5hy:Ppof9pnIP1VkYRpcnurIo
TLSH
02B21A4E3FA98866D4AC177486A6965003B091470423EE2FCCC964DBAFB37D91D4CBF9

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Server.exe
RAT
njRat
Executable
PE (Portable Executable)
Win 32 Exe
x86
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
Config. Field
Value
victim_name [VN]

ょ贼开ם

version [VR]

0.7d

executable_name [EXE]

م‚‡è´¼ه¼€×‌م‚؟م‚®م‚؟م‚·م‚³مپژ.exe

directory [DR]

TEMP

reg_key [RG]

d75c6a1548de1ae3ac0e45069e6ec8ee

cnc_host [H]

mood.uncofig.com

cnc_port [P]

5552

splitter [Y]

|'|'|

BD [BD]

False

is_dir_defined [Idr]

True

is_startup_folder [IsF]

True

is_user_reg [Isu]

True

reg_path [sf]

Software\Microsoft\Windows\CurrentVersion\Run

packet_size [b]

5121

Artefacts
Name
Value
CnC

mood.uncofig.com

Port

5552

Server.exe (24.06 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙