Malicious
Characteristics
PeID
.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Server.exe
RAT
njRat
Executable
PE (Portable Executable)
Win 32 Exe
x86
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
Config. Field | Value |
---|---|
victim_name [VN] | ょ贼开ם |
version [VR] | 0.7d |
executable_name [EXE] | ょ贼开םタギタシコぎ.exe |
directory [DR] | TEMP |
reg_key [RG] | d75c6a1548de1ae3ac0e45069e6ec8ee |
cnc_host [H] | mood.uncofig.com |
cnc_port [P] | 5552 |
splitter [Y] | |'|'| |
BD [BD] | False |
is_dir_defined [Idr] | True |
is_startup_folder [IsF] | True |
is_user_reg [Isu] | True |
reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
packet_size [b] | 5121 |
Artefacts
Name | Value |
---|---|
CnC | mood.uncofig.com |
Port | 5552 |
Server.exe (24.06 KB)
Artefacts
Name | Value | Location |
---|---|---|
CnC | mood.uncofig.com (Malicious) | Server.exe |
Port | 5552 (Malicious) | Server.exe |