General
Structural Analysis
Config.1
Yara Rules30
Sync
Community
Infection Chain
Summary by MalvaGPT
Characteristics
|
Hash | Hash Value |
|---|---|
| MD5 | c94062344c72045751c475c21eef88bb
|
| Sha1 | f6c042bd0387df2942b8bf1e8a6477b7f367998b
|
| Sha256 | b09d66ba71975014fd70ae2ce38cebabe43cc14ec826fbd8ae4bb303f0d33380
|
| Sha384 | 967e568f9f48bba8dc39bfd50040406b19a11155136f63fcd8655eaf120efa7ef8f4e5a8611c74604a21711a8802cf88
|
| Sha512 | aa575cec3b8cb5ecc35b8b6e8db374aa1d94695493ed1f7d303cab21f689cf810a5272278df542e5fbe88339d55664829ae1f7d4fac997812d6def148240c336
|
| SSDeep | 384:4JPfx4bctPiJLQrKARGSRUW3bY6agwStbDyt8mRvR6JZlbw8hqIusZzZ8j:46q2x+tRGRpcnup
|
| TLSH | 54B21A4E3F698856C5AC167496A6965003B191870413EE3FCCC950CBAFB3ADA2D48EF9
|
PeID
.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
|
Config. Field0 | Value |
|---|---|
| victim_name [VN] | |
| version [VR] | 0.7d |
| executable_name [EXE] | updpcont.exe |
| directory [DR] | UserProfile |
| reg_key [RG] | fea64370dbdcc5b523d4197b4952caa4 |
| cnc_host [H] | 188.212.158.75 |
| cnc_port [P] | 5557 |
| splitter [Y] | |'|'| |
| BD [BD] | True |
| is_dir_defined [Idr] | False |
| is_startup_folder [IsF] | False |
| is_user_reg [Isu] | False |
| reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
| packet_size [b] | 5121 |
Artefacts
|
Name0 | Value |
|---|---|
| CnC | 188.212.158.75 |
| Port | 5557 |
c94062344c72045751c475c21eef88bb (24.06 KB)
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Characteristics
Malware Configuration - njRAT config.
|
Config. Field0 | Value |
|---|---|
| victim_name [VN] | |
| version [VR] | 0.7d |
| executable_name [EXE] | updpcont.exe |
| directory [DR] | UserProfile |
| reg_key [RG] | fea64370dbdcc5b523d4197b4952caa4 |
| cnc_host [H] | 188.212.158.75 |
| cnc_port [P] | 5557 |
| splitter [Y] | |'|'| |
| BD [BD] | True |
| is_dir_defined [Idr] | False |
| is_startup_folder [IsF] | False |
| is_user_reg [Isu] | False |
| reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
| packet_size [b] | 5121 |
Artefacts
|
Name0 | Value | Location |
|---|---|---|
| CnC | 188.212.158.75 Malicious |
c94062344c72045751c475c21eef88bb |
| Port | 5557 Malicious |
c94062344c72045751c475c21eef88bb |
You must be signed in to post a comment.
You need a premium account to access this feature.
You must be signed in to post a comment.