Verdict: Malicious

9623fe63214549e540a3b44883b22299 | PE Executable | MD5: 9623fe63214549e540a3b44883b22299 | Size: 290.82 KB | application/x-dosexec

Characteristics
Hash     Value
MD5      9623fe63214549e540a3b44883b22299
SHA1     3757adac0698163f393344423c28052dfcf07fd6
SHA256   c6fedce36ff816688c229ee0436a1d17cd209ef8d808c229e95b438316f5327a
SHA384   22b9101ae75c1f2eaa9cd9a5ede70d996325ef67c233d1b846db368df714c46f0799c234cfc12940def0422160047c8d
SHA512   ebd5f733b6f1d9cdca6c05a228bb06791bb28130bc32bf82f0bd83080f7d4469a1065b419d3a5377f66a326209e02cd344d5f2438af9f8618795152206a95e5b
SSDeep   6144:jSncRQyCEsE3KvMILp44j3eO1aYtYY5mFTK7n:W4FCEsSzIXaYKTy
TLSH     60545C06B6A940BAD17F9A7889A24901E776BC539771D3CF079039BB1F32BC08E39751

PeID

MASM/TASM - sig4 (h)
Microsoft Visual C++ 6.0 DLL (Debug)
Microsoft Visual C++ 8
Microsoft Visual C++ 8
Microsoft Visual C++ v6.0 DLL
Pe123 v2006.4.4-4.12
VC8 -> Microsoft Corporation
File Structure

Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    UPX0
    UPX1
    .rsrc
    .imports
    .reloc
  Resources
    RBIND
      ID:0000

Structure
  DosHeader
  PE Header
  Optional Header (x64)
  Section Headers
    .text
    .rdata
    .data
    .pdata
    .reloc
    .rsrc
  Optional Header (x86)
  Resources
    RT_ICON
      ID:0001
        ID:0
    RT_GROUP_CURSOR4
      ID:7F00
        ID:0
    RT_VERSION
      ID:0001
        ID:0
    RT_MANIFEST
      ID:0001
        ID:0
    RT_RCDATA
      ID:0000
        ID:2048
Malware Configuration - njRAT config.

Config. Field             Value
packet_size [b]           5121
BD [BD]                   False
directory [DR]            TEMP
executable_name [EXE]     dllhost.exe
cnc_host [H]              yohlkdt3m.localto.net
is_dir_defined [Idr]      False
Anti_CH                   False
is_startup_folder [IsF]   False
USB_SP                    False
is_user_reg [Isu]         False
cnc_port [P]              6677
reg_key [RG]              45eda18d441c7819839790de86984f4f
reg_path [sf]             Software\Microsoft\Windows\CurrentVersion\Run
victim_name [VN]          Nigga
version [VR]              <- NjRAT 0.7d Horror Edition ->
splitter [Y]              Y262SUCZ4UJJ
MSGE                      Disabled
MSGT                      Themida
MSGB                      Sorry, this application cannot run under a Virtual Machine
MSGSYM                    vbCritical
OBITO                     Disabled
TSKE                      Disabled
TSK                       Wireshark.exe
KAKASHI                   Disabled
AKATSUKI                  Disabled
CLEANSWEEP                Disabled
PASTEE                    Disabled
PASTEBIN                  https://pastebin.com/raw/???
CLIP                      null
UAC                       Disabled
nowifi                    off

Information

Name   Value
Info   PE Detect: PeReader OK (file layout)
Artefacts

Name   Value                   Verdict     Location
CnC    yohlkdt3m.localto.net   Malicious   9623fe63214549e540a3b44883b22299 > Resources > RBIND > ID:0000 > ID:0
Port   6677                    Malicious   9623fe63214549e540a3b44883b22299 > Resources > RBIND > ID:0000 > ID:0