Malicious
Malicious

f068b84fda2e74c3c62c929bb092f280

PE Executable
|
MD5: f068b84fda2e74c3c62c929bb092f280
|
Size: 24.06 KB
|
application/x-msdownload

RAT
njRat
Executable
PE (Portable Executable)
Win 32 Exe
x86
.Net
SOS: 0.27
Print
General
Structural Analysis
Config.1
Yara Rules43
Sync
Community
Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Low

Hash
 Hash Value
MD5
f068b84fda2e74c3c62c929bb092f280
Sha1
5e39b58a80bb2ef65d152a7d00dd0e02f45af2b9
Sha256
fca400630d230f655c956eb8eaa44d8cac3953386743def05a81c97d769ace10
Sha384
52819d70fd199d5f25d9cfdd0a5f6e787e6c0d2e0808d4777f11eef2f569963eddd1f02657a8e567e81318cd32a5146a
Sha512
136c696565142ff2fe6b0e94af1892f06b55896462fca20c741445751fde9d2cd1d8cba5885367feea75d6d584d4eb233ee54dfe8fbc53e0de98db3a1564dc2f
SSDeep
384:koWSkWHa55BgDVRGipkItzY6vZg36Eh7FpmRvR6JZlbw8hqIusZzZa1:TJuk9pHRpcnuJ
TLSH
36B22A4E3FA98852D5BC1B7486A5965003B4D1874423EE2FCCC560CBAFB3BD91D48AF9

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
f068b84fda2e74c3c62c929bb092f280
RAT
njRat
Executable
PE (Portable Executable)
Win 32 Exe
x86
.Net
SOS: 0.27
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - njRAT config.
Config. Field
 Value
victim_name [VN]

VIP@2025
version [VR]

0.7d
executable_name [EXE]

winheP.bat
directory [DR]

AppData
reg_key [RG]

1d65de03b06fa0914dd0c3c9d751766e
cnc_host [H]

volkatv500.sytes.net
cnc_port [P]

999
splitter [Y]

|'|'|
BD [BD]

False
is_dir_defined [Idr]

True
is_startup_folder [IsF]

True
is_user_reg [Isu]

True
reg_path [sf]

Software\Microsoft\Windows\CurrentVersion\Run
packet_size [b]

5121
Informations
Name
 Value
Module Name

j.exe
Full Name

j.exe
EntryPoint

System.Void j.A::main()
Scope Name

j.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v2.0.50727
Tables Header Version

512
WinMD Version

<null>
Assembly Name

j
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

214
Main Method

System.Void j.A::main()
Main IL Instruction Count

2
Main IL

call System.Void j.OK::ko() ret <null>
Module Name

j.exe
Full Name

j.exe
EntryPoint

System.Void j.A::main()
Scope Name

j.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v2.0.50727
Tables Header Version

512
WinMD Version

<null>
Assembly Name

j
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

214
Main Method

System.Void j.A::main()
Main IL Instruction Count

2
Main IL

call System.Void j.OK::ko() ret <null>
Artefacts
Name
 Value
CnC

volkatv500.sytes.net
Port

999
f068b84fda2e74c3c62c929bb092f280 (24.06 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙