Malicious

b8b72fe838b238a72363d3a29112527b

PE Executable | MD5: b8b72fe838b238a72363d3a29112527b | Size: 37.89 KB | application/x-msdownload

RAT
njRat
Executable
PE (Portable Executable)
Win 32 Exe
x86
.Net
SOS: 0.04

Characteristics

Symbol Obfuscation Score

Very low

Hash
Hash Value
MD5
b8b72fe838b238a72363d3a29112527b
Sha1
d825aa7f1a3c3e3e3d5ae7f5ffbb3d52ac36361d
Sha256
cd487892d68ffb985dcbaa538b42c9caf287dbd855289a7d40086593040b1ee9
Sha384
6751f0b4b9a7056b8cfcb91d852a5ed937fe0ded0201b22eb99b0d307f75864e36ecb8047c4fe6b89746e6e184191615
Sha512
216d088117a517c61f7cc84531755e66a3615c7a8dfd5c2eb227ca52c5596e0022503f656d107c3170d2463b962d94fae96909c0420c73badf75e01cbfb25d22
SSDeep
384:ImOs0IiejvCVLO309QmykrtG+dA+VfwvOSifrAF+rMRTyN/0L+EcoinblneHQM3X:eFdGdkrgYRwWS0rM+rMRa8NuynRt
TLSH
C9032A4D7FE181A8C5FD067B05B2D41207BAE04B6A23DD0E8EE564EA37636C58B50AF1

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
Config. Field: Value
packet_size [b]: 5121
BD [BD]: False
directory [DR]: TEMP
executable_name [EXE]: server.exe
cnc_host [HH]: 7.tcp.eu.ngrok.io
is_dir_defined [Idr]: False
is_startup_folder [IsF]: False
is_user_reg [Isu]: False
NH [NH]: 0
cnc_port [P]: 11722
reg_key [RG]: 5ea644e2b30c6c768b367536b63e23ad
reg_path [sf]: Software\Microsoft\Windows\CurrentVersion\Run
sizk: 20
victim_name [VN]: HacKed
version [VR]: im523
splitter [Y]: |'|'|
HD: False
anti [anti]: Exsample.exe
anti2 [anti2]: False
usb [usb]: False
usbx [usbx]: svchost.exe
task [task]: False

Information
Name: Value
Module Name: w.exe
Full Name: w.exe
EntryPoint: System.Void w.A::main()
Scope Name: w.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v2.0.50727
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: w
Assembly Version: 0.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 338
Main Method: System.Void w.A::main()
Main IL Instruction Count: 5
Main IL: nop <null> call System.Void w.OK::ko() nop <null> nop <null> ret <null>

Artefacts
Name: Value
Port: 11722
Embedded Resources: 0
Suspicious Type Names (1-2 chars): 3
