Malicious

bc6b8a0696eeb905f03e04a001472f8f

PE Executable | MD5: bc6b8a0696eeb905f03e04a001472f8f | Size: 56.32 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score

Low

Hash
Hash Value
MD5
bc6b8a0696eeb905f03e04a001472f8f
Sha1
6e11aff056c2d56730dc925a3829ed88831e315b
Sha256
d08d747478b90fdd5080ce90099a98061ff0f87a881e0e0d1d44e833703561fd
Sha384
ce196b2b26aa31706f82b2a6fa28b7d1b6776a9ad728f234d0dcee048f836b61fbc92cbf0893861787123fa900baa509
Sha512
12d1287dbc34fb34fa280089ef40cb7f0e7a80dc605eb55f9138baf998f89dcc6fba27c954a572b100ff1bc0e235ecb80a29a4d3c8d7539bee89ccce69544602
SSDeep
768:Wka6lOt1Man8E2N6FiMUt349kSNomwFvfu0YMDHPsvK7XJSxI3pm8m:Wk1cDnCN6FiMSEDNwsNMDdXExI3pm8m
TLSH
10432844BFEA5A05E2BC8F3468F655150634BA23F532EB1E48D668DB13327C58C80FE6

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
Config. Field
Value
packet_size [b]

5121

BD [BD]

False

directory [DR]

TEMP

executable_name [EXE]

dllhost.exe

cnc_host [H]

j4gn7dcux.localto.net

is_dir_defined [Idr]

False

Anti_CH

False

is_startup_folder [IsF]

False

USB_SP

False

is_user_reg [Isu]

False

cnc_port [P]

8122

reg_key [RG]

d5946f0f73d9119f9c1194b5bbb59903

reg_path [sf]

Software\Microsoft\Windows\CurrentVersion\Run

victim_name [VN]

Nigga

version [VR]

<- NjRAT 0.7d Horror Edition ->

splitter [Y]

Y262SUCZ4UJJ

MSGE

Disabled

MSGT

Sisteminde Zenciler oturuyor

MSGB

Yumurta sisteminde iki zenci oturuyo kaç bence

MSGSYM

vbCritical

OBITO

Disabled

TSKE

Disabled

TSK

Nigga.exe

KAKASHI

Disabled

AKATSUKI

Disabled

CLEANSWEEP

Disabled

PASTEE

Disabled

PASTEBIN

https://pastebin.com/raw/???

CLIP

null

UAC

Disabled

nowifi

off

Information
Name
Value
Info

PE Detect: PeReader OK (file layout)

Module Name

Stub.exe

Full Name

Stub.exe

EntryPoint

System.Void j.A::main()

Scope Name

Stub.exe

Scope Type

ModuleDef

Kind

Windows

Runtime Version

v2.0.50727

Tables Header Version

512

WinMD Version

<null>

Assembly Name

Stub

Assembly Version

0.0.0.0

Assembly Culture

<null>

Has PublicKey

False

PublicKey Token

<null>

Target Framework

<null>

Total Strings

539

Main Method

System.Void j.A::main()

Main IL Instruction Count

2

Main IL

call System.Void j.OK::ko() ret <null>

Artefacts
Name
Value
CnC

j4gn7dcux.localto.net

Port

8122
