Malicious

9623fe63214549e540a3b44883b22299

PE Executable | MD5: 9623fe63214549e540a3b44883b22299 | Size: 290.82 KB | application/x-dosexec


Characteristics
Hashes

MD5     9623fe63214549e540a3b44883b22299
SHA1    3757adac0698163f393344423c28052dfcf07fd6
SHA256  c6fedce36ff816688c229ee0436a1d17cd209ef8d808c229e95b438316f5327a
SHA384  22b9101ae75c1f2eaa9cd9a5ede70d996325ef67c233d1b846db368df714c46f0799c234cfc12940def0422160047c8d
SHA512  ebd5f733b6f1d9cdca6c05a228bb06791bb28130bc32bf82f0bd83080f7d4469a1065b419d3a5377f66a326209e02cd344d5f2438af9f8618795152206a95e5b
SSDeep  6144:jSncRQyCEsE3KvMILp44j3eO1aYtYY5mFTK7n:W4FCEsSzIXaYKTy
TLSH    60545C06B6A940BAD17F9A7889A24901E776BC539771D3CF079039BB1F32BC08E39751

PEiD signatures

MASM/TASM - sig4 (h)
Microsoft Visual C++ 6.0 DLL (Debug)
Microsoft Visual C++ 8
Microsoft Visual C++ v6.0 DLL
Pe123 v2006.4.4-4.12
VC8 -> Microsoft Corporation

These matches contradict one another (MASM, a VC6 DLL, VC8 and the Pe123 signature) and none of them identifies the compiler of this sample. The outer file carries UPX0/UPX1 sections (see File Structure), so the entry-point bytes that PEiD signatures key on belong to the packer stub rather than to the original code; compiler identification has to be repeated on the unpacked image.
File Structure

Structure 1 (Optional Header: x86)
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    UPX0
    UPX1
    .rsrc
    .imports
    .reloc
  Resources
    RBIND
      ID:0000

Structure 2 (Optional Header: x64)
  DosHeader
  PE Header
  Optional Header (x64)
  Section Headers
    .text
    .rdata
    .data
    .pdata
    .reloc
    .rsrc
  Optional Header (x86)
  Resources
    RT_ICON
      ID:0001
        ID:0
    RT_GROUP_CURSOR4
      ID:7F00
        ID:0
    RT_VERSION
      ID:0001
        ID:0
    RT_MANIFEST
      ID:0001
        ID:0
    RT_RCDATA
      ID:0000
        ID:2048
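To show how a section table like the one above is read, and why the UPX0/UPX1 names carry more weight than the PEiD matches, here is an added example (my code, not the sandbox's) that walks the PE headers to the IMAGE_SECTION_HEADER table and flags the UPX layout. The PE it builds for the demonstration is a constructed minimal header that only reuses the outer file's section names; every size, offset and characteristics value in it is made up. Pass a real file path on the command line to run the parser on an actual sample.

```python
"""Read a PE section table and flag the UPX0/UPX1 layout.  Added example, not the
sandbox's code.  The PE bytes it builds are a constructed minimal header that
only reuses the outer file's section names; sizes and offsets are made up."""
import struct

IMAGE_FILE_MACHINE = {0x014C: "x86", 0x8664: "x64"}
COFF_HDR = "<HHIIIHH"         # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
                              # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
SECTION_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def parse_pe(data):
    """Walk MZ -> e_lfanew -> 'PE\\0\\0' -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from(COFF_HDR, data, e_lfanew + 4)
    opt_off = e_lfanew + 4 + struct.calcsize(COFF_HDR)
    (magic,) = struct.unpack_from("<H", data, opt_off)      # 0x10B = PE32, 0x20B = PE32+
    sec_off = opt_off + opt_size                             # section table follows the optional header
    if sec_off + struct.calcsize(SECTION_HDR) * nsec > len(data):
        raise ValueError("section table runs past end of file")
    sections = []
    for i in range(nsec):
        f = struct.unpack_from(SECTION_HDR, data, sec_off + 40 * i)
        sections.append({
            "name": f[0].rstrip(b"\0").decode("latin-1"),
            "virtual_size": f[1], "virtual_address": f[2],
            "raw_size": f[3], "raw_pointer": f[4], "characteristics": f[9],
        })
    return {
        "machine": IMAGE_FILE_MACHINE.get(machine, hex(machine)),
        "optional_header": {0x10B: "PE32 (x86)", 0x20B: "PE32+ (x64)"}.get(magic, hex(magic)),
        "sections": sections,
    }


def packer_hint(info):
    """UPX leaves a telltale layout: UPX0 has no raw data (raw_size 0) but a large
    virtual size, because the stub in UPX1 decompresses the original image into it."""
    by_name = {s["name"]: s for s in info["sections"]}
    if "UPX0" in by_name and "UPX1" in by_name:
        upx0 = by_name["UPX0"]
        if upx0["raw_size"] == 0 and upx0["virtual_size"] > 0:
            return "UPX (UPX0 empty on disk, reserved for the unpacked image)"
        return "UPX section names, non-standard layout (modified or renamed packer)"
    return None


def build_pe(machine, magic, layout):
    """Constructed minimal PE: DOS header, PE signature, COFF and optional headers,
    section table; no section data."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)        # e_lfanew = 64
    opt_size = 224 if magic == 0x10B else 240
    coff = struct.pack(COFF_HDR, machine, len(layout), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", magic) + b"\0" * (opt_size - 2)
    table = b"".join(
        struct.pack(SECTION_HDR, name.encode().ljust(8, b"\0"), vsize, va, raw, ptr, 0, 0, 0, 0, chars)
        for name, vsize, va, raw, ptr, chars in layout)
    return dos + b"PE\0\0" + coff + opt + table


# Constructed layout that mirrors the outer file's section names (Structure 1 above).
OUTER_LAYOUT = [
    # name       vsize    va       raw      ptr      characteristics
    ("UPX0",     0x30000, 0x1000,  0,       0x400,   0xE0000080),
    ("UPX1",     0x12000, 0x31000, 0x11A00, 0x400,   0xE0000040),
    (".rsrc",    0x4000,  0x43000, 0x3800,  0x11E00, 0xC0000040),
    (".imports", 0x1000,  0x47000, 0x400,   0x15600, 0xC0000040),
    (".reloc",   0x1000,  0x48000, 0x200,   0x15A00, 0x42000040),
]

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_pe(0x014C, 0x10B, OUTER_LAYOUT)
    info = parse_pe(data)
    print(info["machine"], info["optional_header"])
    for s in info["sections"]:
        print("  %-8s vsize=%#x raw=%#x" % (s["name"], s["virtual_size"], s["raw_size"]))
    print("packer hint:", packer_hint(info))
```

The parser trusts e_lfanew and SizeOfOptionalHeader only after bounds-checking the section table, which is the usual place malformed samples try to push a naive reader past the end of the buffer.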
Malware Configuration - njRAT config

Field (config key)       Value
packet_size [b]          5121
BD [BD]                  False
directory [DR]           TEMP
executable_name [EXE]    dllhost.exe
cnc_host [H]             yohlkdt3m.localto.net
is_dir_defined [Idr]     False
Anti_CH                  False
is_startup_folder [IsF]  False
USB_SP                   False
is_user_reg [Isu]        False
cnc_port [P]             6677
reg_key [RG]             45eda18d441c7819839790de86984f4f
reg_path [sf]            Software\Microsoft\Windows\CurrentVersion\Run
victim_name [VN]         Nigga
version [VR]             <- NjRAT 0.7d Horror Edition ->
splitter [Y]             Y262SUCZ4UJJ
MSGE                     Disabled
MSGT                     Themida
MSGB                     Sorry, this application cannot run under a Virtual Machine
MSGSYM                   vbCritical
OBITO                    Disabled
TSKE                     Disabled
TSK                      Wireshark.exe
KAKASHI                  Disabled
AKATSUKI                 Disabled
CLEANSWEEP               Disabled
PASTEE                   Disabled
PASTEBIN                 https://pastebin.com/raw/???
CLIP                     null
UAC                      Disabled
nowifi                   off

The bracketed keys are the variable names njRAT keeps the settings under. reg_key [RG] is the value name written under reg_path [sf], and directory [DR] plus executable_name [EXE] give the configured drop location; splitter [Y] is the string that separates fields in the C2 protocol, and packet_size [b] is the receive buffer size. The fields without a bracketed key belong to this modified build rather than to stock 0.7d: the MSG* group reads as a fake "Themida" virtual-machine error dialog (title, body, vbCritical icon) with MSGE set to Disabled, and TSK names Wireshark.exe as a process target with TSKE set to Disabled; every other build-specific feature is also disabled in this sample.
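The splitter [Y], host [H], port [P] and version [VR] above are what a network detection keys on; DR, EXE, sf and RG are what a host hunt keys on. The following added example (my code, not the sandbox's and not njRAT's) turns the recovered config into those indicators and parses njRAT's length-prefixed message framing (ASCII decimal length, a NUL byte, then the payload, with fields joined by the splitter), including a frame that arrives split across two reads. The field order after the "ll" command, the message bytes, the reading of DR as %TEMP% and the listing of both HKCU and HKLM hives are constructed or assumed here, not taken from the page.

```python
"""Derive indicators from the njRAT config above and parse njRAT's framing.
Added example, not the sandbox's or njRAT's code.  The check-in field order
and all message bytes below are constructed for illustration."""
import base64

# Values exactly as recovered on this page; the comment gives the config key.
CFG = {
    "Y":   "Y262SUCZ4UJJ",                                    # splitter
    "H":   "yohlkdt3m.localto.net",                           # cnc_host
    "P":   6677,                                              # cnc_port
    "VR":  "<- NjRAT 0.7d Horror Edition ->",                 # version
    "DR":  "TEMP",                                            # directory
    "EXE": "dllhost.exe",                                     # executable_name
    "sf":  r"Software\Microsoft\Windows\CurrentVersion\Run",  # reg_path
    "RG":  "45eda18d441c7819839790de86984f4f",                # reg_key (Run value name)
}


def frame(payload):
    """njRAT framing: ASCII decimal payload length, one NUL byte, then the payload."""
    return str(len(payload)).encode() + b"\x00" + payload


def split_frames(buf):
    """Return (complete payloads, unconsumed tail).  A frame cut by a segment
    boundary stays in the tail until the next read is appended to it."""
    out = []
    while buf:
        nul = buf.find(b"\x00")
        head = buf if nul == -1 else buf[:nul]
        if not head.isdigit():                   # empty or non-numeric prefix: not njRAT framing
            raise ValueError("bad length prefix: %r" % head[:16])
        if nul == -1:                            # length digits still arriving
            break
        end = nul + 1 + int(head)
        if len(buf) < end:                       # payload still arriving
            break
        out.append(buf[nul + 1:end])
        buf = buf[end:]
    return out, buf


def parse_message(payload, splitter=CFG["Y"]):
    """Split one payload on the sample's splitter into (command, fields)."""
    parts = payload.split(splitter.encode())
    return parts[0].decode("latin-1"), parts[1:]


def is_njrat_checkin(payload):
    """Cheap match: 'll' command, the configured splitter and the version banner."""
    cmd, fields = parse_message(payload)
    return cmd == "ll" and len(fields) >= 2 and CFG["VR"].encode() in fields


def build_checkin(victim_id, hostname, user):
    """Constructed check-in in the shape of njRAT's 'll' registration message;
    the field order is assumed here, not taken from the page."""
    fields = [b"ll", base64.b64encode(victim_id.encode()),
              hostname.encode(), user.encode(), CFG["VR"].encode()]
    return frame(CFG["Y"].encode().join(fields))


def persistence_indicators():
    """Host artefacts implied by DR/EXE/sf/RG.  Assumptions: DR 'TEMP' resolves
    to %TEMP%, and sf does not name the hive, so both HKCU and HKLM are listed."""
    base = "%TEMP%" if CFG["DR"] == "TEMP" else CFG["DR"]
    return {
        "drop_path": base + "\\" + CFG["EXE"],
        "run_keys": ["HKCU\\" + CFG["sf"], "HKLM\\" + CFG["sf"]],
        "run_value_name": CFG["RG"],
        "c2": "%s:%d" % (CFG["H"], CFG["P"]),
    }


if __name__ == "__main__":
    # A check-in followed by a second constructed message, the second one
    # arriving split across two reads.
    stream = build_checkin("HWID-EXAMPLE", "DESKTOP-TEST", "alice") + frame(b"inf")
    cut = len(stream) - 3
    done, tail = split_frames(stream[:cut])
    more, tail = split_frames(tail + stream[cut:])
    for p in done + more:
        print(parse_message(p)[0], is_njrat_checkin(p))
    print(persistence_indicators())
```

Because the splitter is per-build, a detection written against the stock njRAT separator would miss this sample; matching on the framing plus the recovered Y and VR strings is what ties traffic to this configuration.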

Information

PE Detect: PeReader OK (file layout)

Artefacts

CnC   yohlkdt3m.localto.net
Port  6677

The C2 is a subdomain under localto.net and the page records no resolved address, so detection and blocking should key on the hostname and TCP port 6677 rather than on an IP.
