|
Hash | Hash Value |
|---|---|
| MD5 | 01c8ebe3045d2c343252a5ee54351faa
|
| Sha1 | 2b1f8e2b1510a8db797a31d8caf92c24ea3f80b5
|
| Sha256 | 13c5cabdb28c7d0a56631b45507340ccf4db9458f8fc448bf594cab8ae451030
|
| Sha384 | a20f725d9b76ff344e467c343f4d1ab9100642dde50c02d188d6b9b4d3dbd4dc78a749baf646cbd6fc97afb4970ec9ed
|
| Sha512 | fffd6dec11d9fda42f0d98bcbbe5189df482b247d6d87101833bfbf30681290799d3ac66fcc8d01ee9dbf51a2a4ede6e808456df5d08491b2ca03f2f6133ea13
|
| SSDeep | 1536:LuTZsHCv3Ear+gRJNcRa0h/L3isYAQPoQ/xMFX4:Lu9sK3V+yJaa0h/L3isYAQPoQ/xMFX4
|
| TLSH | 38A384A83760D46CF4AEC4758AF1EE310AB3F0CD54F1865D599B341FEA2334105AEA6B
|
PeID
|
Config. Field0 | Value |
|---|---|
| packet_size [b] | 5121 |
| BD [BD] | True |
| directory [DR] | TEMP |
| executable_name [EXE] | server.exe |
| cnc_host [HH] | 7.tcp.eu.ngrok.io |
| is_dir_defined [Idr] | False |
| is_startup_folder [IsF] | True |
| is_user_reg [Isu] | True |
| NH [NH] | 0 |
| cnc_port [P] | 11722 |
| reg_key [RG] | d30381b9007f19ca6853f8f169f966ca |
| reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
| sizk | 20 |
| victim_name [VN] | HacKed |
| version [VR] | im523 |
| splitter [Y] | |'|'| |
| HD | False |
| anti [anti] | Exsample.exe |
| anti2 [anti2] | False |
| usb [usb] | True |
| usbx [usbx] | svchost.exe |
| task [task] | True |
|
Name0 | Value |
|---|---|
| Module Name | w.exe |
| Full Name | w.exe |
| EntryPoint | System.Void w.A::main() |
| Scope Name | w.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v2.0.50727 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | w |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 338 |
| Main Method | System.Void w.A::main() |
| Main IL Instruction Count | 5 |
| Main IL | nop <null> call System.Void w.OK::ko() nop <null> nop <null> ret <null> |
| Module Name | w.exe |
| Full Name | w.exe |
| EntryPoint | System.Void w.A::main() |
| Scope Name | w.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v2.0.50727 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | w |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 338 |
| Main Method | System.Void w.A::main() |
| Main IL Instruction Count | 5 |
| Main IL | nop <null> call System.Void w.OK::ko() nop <null> nop <null> ret <null> |
|
Name0 | Value |
|---|---|
| Port | 11722 |
| Embedded Resources | 0 |
| Suspicious Type Names (1-2 chars) | 3 |
|
Config. Field0 | Value |
|---|---|
| packet_size [b] | 5121 |
| BD [BD] | True |
| directory [DR] | TEMP |
| executable_name [EXE] | server.exe |
| cnc_host [HH] | 7.tcp.eu.ngrok.io |
| is_dir_defined [Idr] | False |
| is_startup_folder [IsF] | True |
| is_user_reg [Isu] | True |
| NH [NH] | 0 |
| cnc_port [P] | 11722 |
| reg_key [RG] | d30381b9007f19ca6853f8f169f966ca |
| reg_path [sf] | Software\Microsoft\Windows\CurrentVersion\Run |
| sizk | 20 |
| victim_name [VN] | HacKed |
| version [VR] | im523 |
| splitter [Y] | |'|'| |
| HD | False |
| anti [anti] | Exsample.exe |
| anti2 [anti2] | False |
| usb [usb] | True |
| usbx [usbx] | svchost.exe |
| task [task] | True |
|
Name0 | Value | Location |
|---|---|---|
| Port | 11722 Malicious |
01c8ebe3045d2c343252a5ee54351faa |
| Embedded Resources | 0 |
01c8ebe3045d2c343252a5ee54351faa |
| Suspicious Type Names (1-2 chars) | 3 |
01c8ebe3045d2c343252a5ee54351faa |