Malicious
0264751f6495eff1100a4c14e5e6a8dc
PE Executable
MD5: 0264751f6495eff1100a4c14e5e6a8dc
Size: 27.14 KB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan
Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.
AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score
Low
| MD5 | 0264751f6495eff1100a4c14e5e6a8dc |
| Sha1 | e0052a8ad8311e1ca2074362c9828afd6880811a |
| Sha256 | ed0f08343c0f3288db6fa05dfbe5722e6a6d39a7d985d198e54c63876fc1c22a |
| Sha384 | 0d5e1d15af1ec311fcf0fa383368d6ee3e3df2e19409c15805eeb9d2d61b568bfb0420ad4ab905bc3e110103f2abe6e7 |
| Sha512 | 5a465ce71fd713e87bb5ecc694a58d23abe395610a30f449a9712290ecc4a8a5abf777d1c66c8985462c4945334461d39684e12f27e6666a506f6f2534389671 |
| SSDeep | 384:lgSVEEMiNPWiilvaR90gVqH9qbuUsAbQxnCJfJBndnjJoKX3:lgSVXFWaIIbqBiBn5X3 |
| TLSH | 8FC22C0833E8C576D1FD4A7D883386109735A95B9D23DB5A5FC490AE2933BC98B14FD4 |
STICH
beta
Structural Threat Infection Chain Hash
A content-independent fingerprint of the infection method: successive formats, internal objects and MITRE techniques from the initial file to each final payload.
Structural branches: 1
STICH kept: 1
STICH Path = the fingerprint (canonical chain with techniques)
STICH Shape = structure only
Only determinant branches produce STICH Paths.
1 / 1
Path
pe:exe>pe:rsrc>bin
Shape
pe:exe>pe:rsrc>bin
malicious
3 nodes
| Config. Field | Value |
|---|---|
| Key (AES_256) | Byhuhuhuhu |
| Pastebin | -huhuhuhu |
| Install | fhuhuhuhu |
| Install File | Tehuhuhuhu |
| Install-Folder | %huhuhuhu |
| Version | 0.huhuhuhu |
| Hosts | f16huhuhuhu |
| Ports | 4huhuhuhu |
| Mutex | Aphuhuhuhu |
| Delay | 0huhuhuhu |
| Group | NYhuhuhuhu |
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | PDB Path: C:\new\Client\obj\Debug\S8APP.pdb |
| Module Name | S8APP.exe |
| Full Name | S8APP.exe |
| EntryPoint | System.Void Client.Program::Main() |
| Scope Name | S8APP.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | S8APP |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.8 |
| Total Strings | 122 |
| Main Method | System.Void Client.Program::Main() |
| Main IL Instruction Count | 101 |
| Main IL | |
Key (AES_256)
MUTEXmalicious
Byhuhuhuhu
CnC
CNCmalicious
f16huhuhuhu
Ports
PORTmalicious
4huhuhuhu
Mutex
MUTEXmalicious
Aphuhuhuhu
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
| Config. Field | Value |
|---|---|
| Key (AES_256) | Byhuhuhuhu |
| Pastebin | -huhuhuhu |
| Install | fhuhuhuhu |
| Install File | Tehuhuhuhu |
| Install-Folder | %huhuhuhu |
| Version | 0.huhuhuhu |
| Hosts | f16huhuhuhu |
| Ports | 4huhuhuhu |
| Mutex | Aphuhuhuhu |
| Delay | 0huhuhuhu |
| Group | NYhuhuhuhu |
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
Key (AES_256)
MUTEXmalicious
Byhuhuhuhu
0264751f6495eff1100a4c14e5e6a8dc
CnC
CNCmalicious
f16huhuhuhu
0264751f6495eff1100a4c14e5e6a8dc
Ports
PORTmalicious
4huhuhuhu
0264751f6495eff1100a4c14e5e6a8dc
Mutex
MUTEXmalicious
Aphuhuhuhu
0264751f6495eff1100a4c14e5e6a8dc
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
You must be signed in to view YARA rules.