Malicious
Malicious

250038d713bb19b4dd5927b4d5a58c7a

PE Executable
MD5: 250038d713bb19b4dd5927b4d5a58c7a
Size: 25.09 KB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score Low
MD5 250038d713bb19b4dd5927b4d5a58c7a
Sha1 150ef30a5ceab618654f04f2de422f2f85b37ec9
Sha256 26d0e0fbaae0f40a3f6b48499b09deb1fd3a5287aaf2bacb3f23586c75e8ab4a
Sha384 891ab0c90995672b4a163b8cb1c1fd7de4bbc3768f6d06ef4323e405f72466da699d7268ec28d9921f4de47268160f95
Sha512 cf14ff241fd295c880ee6f2d8ead9c6cfda68e30245fada4622892c03beb7dc0259f054669aa5874673055be23f5550e5ae6ff9a818e16205da010858349fdb6
SSDeep 384:aQeCo2zmZbQHkJeCdUwBvQ61gjuQBnB9mRvR6JZlbw8hqIusZzZOgPq:F5yBVd7RpcnuI
TLSH 42B2094A3FA88C55C4BC26F4C575965003B099470412EE2A8CE574CBFFB3AD66D48AFD
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NET
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0032
ID:0
RT_GROUP_CURSOR4
ID:0032
ID:0
RT_MANIFEST
ID:0001
ID:0
STICH beta Structural Threat Infection Chain Hash

A content-independent fingerprint of the infection method: successive formats, internal objects and MITRE techniques from the initial file to each final payload.

STICH Path = the fingerprint (canonical chain with techniques) STICH Shape = structure only Only determinant branches produce STICH Paths.
Path pe:exe>pe:rsrc>bin
Shape pe:exe>pe:rsrc>bin
malicious 3 nodes
Config. Field Value
victim_name [VN] Hahuhuhuhu
version [VR] 0huhuhuhu
executable_name [EXE] njrhuhuhuhu
directory [DR] Aphuhuhuhu
reg_key [RG] 424b44huhuhuhuhuhuhuhuhuhuhu
cnc_host [H] 36.tchuhuhuhuhuhuhu
cnc_port [P] 1huhuhuhu
splitter [Y] |huhuhuhu
BD [BD] Fhuhuhuhu
is_dir_defined [Idr] Thuhuhuhu
is_startup_folder [IsF] Thuhuhuhu
is_user_reg [Isu] Thuhuhuhu
reg_path [sf] Softwahuhuhuhuhuhuhuhuhuhuhu
packet_size [b] 5huhuhuhu
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
Name Value
Info
PE Detect: PeReader OK (file layout)
Module Name
j.exe
Full Name
j.exe
EntryPoint
System.Void j.A::main()
Scope Name
j.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v2.0.50727
Tables Header Version
512
WinMD Version
<null>
Assembly Name
j
Assembly Version
0.0.0.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
<null>
Total Strings
214
Main Method
System.Void j.A::main()
Main IL Instruction Count
2
Main IL
call System.Void j.OK::ko()
ret <null>
Module Name
j.exe
Full Name
j.exe
EntryPoint
System.Void j.A::main()
Scope Name
j.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v2.0.50727
Tables Header Version
512
WinMD Version
<null>
Assembly Name
j
Assembly Version
0.0.0.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
<null>
Total Strings
214
Main Method
System.Void j.A::main()
Main IL Instruction Count
2
Main IL
call System.Void j.OK::ko()
ret <null>
CnC CNCmalicious
36.tchuhuhuhuhuhuhu
Port PORTmalicious
1huhuhuhu
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0032
ID:0
RT_GROUP_CURSOR4
ID:0032
ID:0
RT_MANIFEST
ID:0001
ID:0
Config. Field Value
victim_name [VN] Hahuhuhuhu
version [VR] 0huhuhuhu
executable_name [EXE] njrhuhuhuhu
directory [DR] Aphuhuhuhu
reg_key [RG] 424b44huhuhuhuhuhuhuhuhuhuhu
cnc_host [H] 36.tchuhuhuhuhuhuhu
cnc_port [P] 1huhuhuhu
splitter [Y] |huhuhuhu
BD [BD] Fhuhuhuhu
is_dir_defined [Idr] Thuhuhuhu
is_startup_folder [IsF] Thuhuhuhu
is_user_reg [Isu] Thuhuhuhu
reg_path [sf] Softwahuhuhuhuhuhuhuhuhuhuhu
packet_size [b] 5huhuhuhu
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
CnC CNCmalicious
36.tchuhuhuhuhuhuhu
250038d713bb19b4dd5927b4d5a58c7a
Port PORTmalicious
1huhuhuhu
250038d713bb19b4dd5927b4d5a58c7a
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
You must be signed in to view YARA rules.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙