Malicious

23f7bdd024b2b50c579fc74f0a207bec

PE Executable | MD5: 23f7bdd024b2b50c579fc74f0a207bec | Size: 48.64 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Very high

Hash

MD5: 23f7bdd024b2b50c579fc74f0a207bec
SHA1: df6b08ac7f8745d99d8db6a5179c042267e70cf2
SHA256: 212b14b7b050b894e7df80c529ded18ec7a5b8f00a56b28f467ff525ec7111ae
SHA384: 11b79cf8d20132da623ef2bbe8485057f3c941c419d02f5642cceb2bbad28e4c6d597e0f5444d665c601b7a3ea1e70f6
SHA512: a908b9c1d6862998017bad084f20a6f8bc94dca2da1b148127d845838fabab76d4e6b1698e01da4fc9f52b999dfbf501421039d0998c772a9a69ac716e4605ac
SSDeep: 768:7u+U1TQQEX1WUVt1Pmo2qjw2Cla56vWG62mrviKbx3aNXEsNCS79reTcDZBf+:7u+U1TQfb2fHa5XGavBbxKNUsNL9aYdA
TLSH: F9233A007BE9C26BF27E8F7869F22246427AB2637603D64D1CC411DB5723FC696426ED

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - AsyncRAT config

Key (AES_256): NTBjTEN1eFdZUnVmM3pybXltSGFmTGRteHFaenVPQVg=
Pastebin: -
Certificate: (long value not reproduced)
ServerSignature: (long value not reproduced)
Install: true
BDOS: false
Anti-VM: false
Install File: allahoglu.bat.exe
Install-Folder: %AppData%
Version: 0.5.7B
Hosts: 193.106.196.128
Ports: 1964
Mutex: AsyncMutex_6SI8OkPnk
Delay: 3
Group: Default
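The "Key (AES_256)" field above is easy to misread: it is not the AES key, but base64 of a 32-character password that the client feeds through PBKDF2 to obtain its session keys. The following is an added example (not code from this page and not the AsyncRAT project's own code) that re-implements the key schedule of the public AsyncRAT/Quasar Aes256 class in Python: PBKDF2-HMAC-SHA1 with 50 000 rounds over a fixed 32-byte salt, yielding a 32-byte AES key followed by a 64-byte HMAC-SHA256 key, and a packet layout of HMAC || IV || ciphertext. Only the base64 key comes from the page; the salt, iteration count and layout are taken from the public source and assumed unchanged in this build. The packet bytes in the demo are constructed, since the standard library has no AES to decrypt real traffic.

```python
"""Turn the 'Key (AES_256)' config value into AsyncRAT's session keys.

Added example; not code from the analysis page or from the AsyncRAT project.
It re-implements, in Python, the key schedule of the public AsyncRAT/Quasar
Aes256 class (PBKDF2-HMAC-SHA1, 50 000 rounds, fixed 32-byte salt, a 32-byte
AES key followed by a 64-byte HMAC-SHA256 key) and assumes this build uses it
unchanged. Only KEY_B64 comes from the page; the salt is from the public source.
"""
import base64
import hashlib
import hmac

KEY_B64 = "NTBjTEN1eFdZUnVmM3pybXltSGFmTGRteHFaenVPQVg="  # page: Key (AES_256)

# Salt and iteration count as in the public AsyncRAT/Quasar source
# (assumption: this sample did not change them).
ASYNCRAT_SALT = bytes([
    0xBF, 0xEB, 0x1E, 0x56, 0xFB, 0xCD, 0x97, 0x3B, 0xB2, 0x19, 0x02, 0x24,
    0x30, 0xA5, 0x78, 0x43, 0x00, 0x3D, 0x56, 0x44, 0xD2, 0x1E, 0x62, 0xB9,
    0xD4, 0xF1, 0x80, 0xE7, 0xE6, 0xC3, 0x39, 0x41,
])
ITERATIONS = 50_000
AES_KEY_LEN = 32   # AES-256
AUTH_KEY_LEN = 64  # HMAC-SHA256 key
TAG_LEN = 32       # HMAC-SHA256 output
IV_LEN = 16        # AES block size


def decode_master_key(key_b64: str) -> str:
    """The config field is base64 of a 32-character ASCII password, not the raw
    AES key: decoding it alone yields nothing you can hand to AES."""
    return base64.b64decode(key_b64).decode("utf-8")


def derive_keys(master_key: str) -> tuple:
    """Mirror Rfc2898DeriveBytes(master, Salt, 50000).GetBytes(32) followed by
    GetBytes(64). .NET's GetBytes is stateful and continues the same PBKDF2
    output stream, so one 96-byte derivation split at offset 32 is equivalent."""
    stream = hashlib.pbkdf2_hmac(
        "sha1", master_key.encode("utf-8"), ASYNCRAT_SALT, ITERATIONS,
        dklen=AES_KEY_LEN + AUTH_KEY_LEN,
    )
    return stream[:AES_KEY_LEN], stream[AES_KEY_LEN:]


def seal_packet(iv: bytes, ciphertext: bytes, auth_key: bytes) -> bytes:
    """Wire layout of the Aes256 class: HMAC-SHA256(IV || CT) || IV || CT.
    The CT would be AES-256-CBC/PKCS7 under the 32-byte key; this demo takes
    constructed bytes instead, since the standard library has no AES."""
    tag = hmac.new(auth_key, iv + ciphertext, hashlib.sha256).digest()
    return tag + iv + ciphertext


def open_packet(blob: bytes, auth_key: bytes):
    """Return (iv, ciphertext) when the tag verifies, otherwise None.
    The MAC is checked first, in constant time, before anything else is parsed."""
    if len(blob) < TAG_LEN + IV_LEN:
        return None
    tag, body = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(auth_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return body[:IV_LEN], body[IV_LEN:]


if __name__ == "__main__":
    master = decode_master_key(KEY_B64)
    aes_key, auth_key = derive_keys(master)
    print("master password:", master, f"({len(master)} chars)")
    print("AES-256 key    :", aes_key.hex())
    print("HMAC key       :", auth_key.hex())
    # Constructed packet: an all-zero IV and 32 bytes of stand-in ciphertext.
    blob = seal_packet(b"\x00" * IV_LEN, b"\x11" * 32, auth_key)
    tampered = bytes([blob[0] ^ 0x01]) + blob[1:]
    print("authentic blob :", open_packet(blob, auth_key) is not None)
    print("tampered blob  :", open_packet(tampered, auth_key) is not None)
```

To go from a verified packet to plaintext, decrypt the ciphertext portion with AES-256-CBC under the first 32 derived bytes and strip PKCS7 padding (PyCryptodome or `cryptography` will do it); the derived keys are the thing to store alongside the sample, since the base64 field on its own is not usable key material.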

Information

Info: PE Detect: PeReader OK (file layout)
Module Name: QFbMHsfGPWdj
Full Name: QFbMHsfGPWdj
EntryPoint: System.Void EOMpOCgcAYcwdJ.BOaboGheSZOUQ::Main()
Scope Name: QFbMHsfGPWdj
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: dekont (Turkish for "bank receipt", a common lure name)
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.8
Total Strings: 120
Main Method: System.Void EOMpOCgcAYcwdJ.BOaboGheSZOUQ::Main()
Main IL Instruction Count: 51

Main IL (one instruction per line; branch operands are shown as their target label, and labelled lines mark those targets):

         ldc.i4.0
         stloc.0
         br IL_0015
IL_0007: ldc.i4 1000
         call System.Void System.Threading.Thread::Sleep(System.Int32)
         ldloc.0
         ldc.i4.1
         add
         stloc.0
IL_0015: ldloc.0
         ldsfld System.String EOMpOCgcAYcwdJ.UjcDqvODTKNPaZ::bnOEUPvgblrFanPt
         call System.Int32 System.Convert::ToInt32(System.String)
         blt.s IL_0007
         call System.Boolean EOMpOCgcAYcwdJ.UjcDqvODTKNPaZ::QhsIuTyyKQW()
         brtrue IL_0032
         ldc.i4.0
         call System.Void System.Environment::Exit(System.Int32)
IL_0032: nop
         call System.Boolean KGQcfJBRSCD.sVDLKtVsIzJTiUHw::eqHaOiVFwLOIxC()
         brtrue IL_0043
         ldc.i4.0
         call System.Void System.Environment::Exit(System.Int32)
IL_0043: ldsfld System.String EOMpOCgcAYcwdJ.UjcDqvODTKNPaZ::vCtYoQVEevAj
         call System.Boolean System.Convert::ToBoolean(System.String)
         brfalse IL_0057
         call System.Void KGQcfJBRSCD.fBXMPYdDYaYAwM::eXldXDYvtvPtJ()
IL_0057: ldsfld System.String EOMpOCgcAYcwdJ.UjcDqvODTKNPaZ::NxQbgPGexKhHGI
         call System.Boolean System.Convert::ToBoolean(System.String)
         brfalse IL_006B
         call System.Void gOcEIMJHKHWW.wCbKSgWjBlPiaQ::RgUeAXFUpnW()
IL_006B: ldsfld System.String EOMpOCgcAYcwdJ.UjcDqvODTKNPaZ::KGOoDyNCjggpa
         call System.Boolean System.Convert::ToBoolean(System.String)
         brfalse IL_0089
         call System.Boolean KGQcfJBRSCD.znFAOgkKJla::OivMlZlJsyAM()
         brfalse IL_0089
         call System.Void KGQcfJBRSCD.ZfUuZuiTlWgO::KZGIfJuJYAcL()
IL_0089: call System.Void KGQcfJBRSCD.znFAOgkKJla::KPLzWLjUSuVx()
         leave IL_0099
         pop
         leave IL_0099
IL_0099: nop
         call System.Boolean WYzNxbSipMrHX.zHqsPexsEiDK::get_IsConnected()
         brtrue IL_00AE
         call System.Void WYzNxbSipMrHX.zHqsPexsEiDK::SfShCpkPUGMRp()
         call System.Void WYzNxbSipMrHX.zHqsPexsEiDK::RvRwJpOfHU()
IL_00AE: leave IL_00B9
         pop
         leave IL_00B9
IL_00B9: ldc.i4 5000
         call System.Void System.Threading.Thread::Sleep(System.Int32)
         br.s IL_0099

Read at the level of what the IL itself shows: a loop that calls Thread.Sleep(1000) until a counter reaches Convert.ToInt32 of a static string field (consistent with the configured Delay of 3, so roughly three seconds of idle time before anything else happens); two Boolean method calls that each end in Environment.Exit(0) when they return false; three static string fields passed through Convert.ToBoolean, each gating one call (the config has exactly three Boolean switches: Install, BDOS and Anti-VM); and finally an endless loop that tests get_IsConnected(), calls two methods when it is false, and sleeps 5000 ms between iterations. That reconnect block and its 5-second cadence are the beaconing behaviour to expect on the network side.


Artefacts

Key (AES_256): NTBjTEN1eFdZUnVmM3pybXltSGFmTGRteHFaenVPQVg=
CnC: 193.106.196.128
Ports: 1964
Mutex: AsyncMutex_6SI8OkPnk
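The artefacts above, together with the install path from the configuration, are what a hunt over endpoint telemetry would key on. The following is an added example (not code from this page) that matches them against constructed event records resembling Sysmon-style process-create and network-connect events plus a mutex-creation event; Sysmon itself does not record mutexes, so that event would come from a sandbox or EDR. Field names are an assumption, not a real log schema. The two family-level patterns (the "AsyncMutex_" prefix the AsyncRAT builder uses by default, and a double extension ending in .exe) generalise beyond this one sample and are labelled as assumptions in the code.

```python
"""Match the artefacts of this sample against host telemetry.

Added example; not code from the analysis page. The indicators (C2, port,
mutex, install path) are the page's; the event records are constructed to
resemble Sysmon-style process-create and network-connect events plus a
mutex-creation event (Sysmon does not record mutexes; such an event would
come from a sandbox or EDR). Field names are an assumption, not a real schema.
The family-level patterns below generalise beyond this one sample.
"""
import re

# Artefacts from the page
C2_HOST = "193.106.196.128"
C2_PORT = 1964
MUTEX = "AsyncMutex_6SI8OkPnk"
INSTALL_FOLDER = "%AppData%"
INSTALL_FILE = "allahoglu.bat.exe"

# Generalisations (assumptions, not from the page): the AsyncRAT builder
# defaults to "AsyncMutex_" plus a random alphanumeric tail, and a document- or
# script-looking double extension ending in .exe is a lure pattern on its own.
MUTEX_FAMILY = re.compile(r"^AsyncMutex_[A-Za-z0-9]{6,}$")
DOUBLE_EXT = re.compile(r"\.(bat|cmd|pdf|doc|docx|xls|xlsx|jpg|png|txt)\.exe$",
                        re.IGNORECASE)


def expand_appdata(path: str, user: str) -> str:
    """%AppData% is per user: C:\\Users\\<user>\\AppData\\Roaming (default profile layout)."""
    return path.replace(INSTALL_FOLDER, "C:\\Users\\" + user + "\\AppData\\Roaming")


def match_event(ev: dict) -> list:
    """Return the list of indicator names an event matches (empty if none)."""
    hits = []
    kind = ev.get("type")
    if kind == "process":
        image = ev.get("image", "")
        expected = expand_appdata(INSTALL_FOLDER + "\\" + INSTALL_FILE, ev.get("user", ""))
        if image.lower() == expected.lower():   # NTFS paths are case-insensitive
            hits.append("install path matches sample config")
        if DOUBLE_EXT.search(image):
            hits.append("double-extension executable")
    elif kind == "network":
        if ev.get("dst_ip") == C2_HOST and ev.get("dst_port") == C2_PORT:
            hits.append("connection to sample C2")
        elif ev.get("dst_ip") == C2_HOST:
            # Same host, different port: operators rotate ports more often than IPs.
            hits.append("connection to sample C2 host on another port")
    elif kind == "mutex":
        name = ev.get("name", "")
        if name == MUTEX:
            hits.append("sample mutex")
        elif MUTEX_FAMILY.match(name):
            hits.append("AsyncRAT-style mutex name")
    return hits


def scan(events: list) -> list:
    """(event id, indicator) pairs for every hit across a batch of events."""
    return [(ev["id"], hit) for ev in events for hit in match_event(ev)]


# Constructed telemetry: two process events, two network events, two mutex events.
SAMPLE_EVENTS = [
    {"id": 1, "type": "process", "user": "analyst",
     "image": "C:\\Users\\analyst\\AppData\\Roaming\\allahoglu.bat.exe"},
    {"id": 2, "type": "process", "user": "analyst",
     "image": "C:\\Windows\\System32\\svchost.exe"},
    {"id": 3, "type": "network", "dst_ip": "193.106.196.128", "dst_port": 1964},
    {"id": 4, "type": "network", "dst_ip": "8.8.8.8", "dst_port": 53},
    {"id": 5, "type": "mutex", "name": "AsyncMutex_6SI8OkPnk"},
    {"id": 6, "type": "mutex", "name": "Local\\SM0:1234:120:WilError_03"},
]

if __name__ == "__main__":
    for event_id, hit in scan(SAMPLE_EVENTS):
        print(f"event {event_id}: {hit}")
```

The exact-match indicators (mutex, host:port, install path) are high confidence but short-lived; the family-level patterns survive a rebuild of the sample at the cost of needing triage, which is why the two are reported under different names rather than folded into one verdict.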
