Characteristics
| Hash | Hash Value |
|---|---|
| MD5 | 909fbd519f838c87b3403344147c1f11 |
| SHA1 | 35bc85268b3ab5a6010ddb7c07a87e863c36e359 |
| SHA256 | bdd6970832d288612d972f77ca462f48cb8b761a7dfc2f94624c08efd802c3b3 |
| SHA384 | 6a7a1611662f3a538277ce2c9014755b4ea8634ee29698fab560c89aa0b85007845acc3c9bd590935728185d9328fbe7 |
| SHA512 | 4bd2a1f34812f926553338e725a6ef018a43b9c39b369f9b7ddf987c3067413b8d36d7637e3a0077cf2695abb46a35b6da0a709410dabefe77a2b3c44b8290b9 |
| SSDeep | 384:Pieop9oS+2pRURIXIRHVSuV+MX9w6Dglo61ZhXDVmRvR6JZlbw8hqIusZzZQY5hy:Ppof9pnIP1VkYRpcnurIo |
| TLSH | 02B21A4E3FA98866D4AC177486A6965003B091470423EE2FCCC964DBAFB37D91D4CBF9 |
PeID
.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
| Config. Field | Value |
|---|---|
| victim_name [VN] | ょ贼开ם |
| version [VR] | 0.7d |
| executable_name [EXE] | م‚‡è´¼ه¼€×م‚؟م‚®م‚؟م‚·م‚³مپژ.exe |
| directory [DR] | TEMP |
| reg_key [RG] | d75c6a1548de1ae3ac0e45069e6ec8ee |
| cnc_host [H] | mood.uncofig.com |
| cnc_port [P] | 5552 |
| splitter [Y] | \|'\|'\| |
| BD [BD] | False |
| is_dir_defined [Idr] | True |
| is_startup_folder [IsF] | True |
| is_user_reg [Isu] | True |
| reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
| packet_size [b] | 5121 |
Artefacts
| Name | Value |
|---|---|
| CnC | mood.uncofig.com |
| Port | 5552 |
Server.exe (24.06 KB)
Artefacts
| Name | Value | Location |
|---|---|---|
| CnC | mood.uncofig.com (Malicious) | Server.exe |
| Port | 5552 (Malicious) | Server.exe |