Malicious
PE Executable
MD5: 250038d713bb19b4dd5927b4d5a58c7a
Size: 25.09 KB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan
Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.
AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score
Low
| MD5 | 250038d713bb19b4dd5927b4d5a58c7a |
| Sha1 | 150ef30a5ceab618654f04f2de422f2f85b37ec9 |
| Sha256 | 26d0e0fbaae0f40a3f6b48499b09deb1fd3a5287aaf2bacb3f23586c75e8ab4a |
| Sha384 | 891ab0c90995672b4a163b8cb1c1fd7de4bbc3768f6d06ef4323e405f72466da699d7268ec28d9921f4de47268160f95 |
| Sha512 | cf14ff241fd295c880ee6f2d8ead9c6cfda68e30245fada4622892c03beb7dc0259f054669aa5874673055be23f5550e5ae6ff9a818e16205da010858349fdb6 |
| SSDeep | 384:aQeCo2zmZbQHkJeCdUwBvQ61gjuQBnB9mRvR6JZlbw8hqIusZzZOgPq:F5yBVd7RpcnuI |
| TLSH | 42B2094A3FA88C55C4BC26F4C575965003B099470412EE2A8CE574CBFFB3AD66D48AFD |
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NET
STICH
beta
Structural Threat Infection Chain Hash
A content-independent fingerprint of the infection method: successive formats, internal objects and MITRE techniques from the initial file to each final payload.
STICH Path = the fingerprint (canonical chain with techniques)
STICH Shape = structure only
Only determinant branches produce STICH Paths.
Path
pe:exe>pe:rsrc>bin
Shape
pe:exe>pe:rsrc>bin
malicious
3 nodes
| Config. Field | Value |
|---|---|
| victim_name [VN] | Hahuhuhuhu |
| version [VR] | 0huhuhuhu |
| executable_name [EXE] | njrhuhuhuhu |
| directory [DR] | Aphuhuhuhu |
| reg_key [RG] | 424b44huhuhuhuhuhuhuhuhuhuhu |
| cnc_host [H] | 36.tchuhuhuhuhuhuhu |
| cnc_port [P] | 1huhuhuhu |
| splitter [Y] | |huhuhuhu |
| BD [BD] | Fhuhuhuhu |
| is_dir_defined [Idr] | Thuhuhuhu |
| is_startup_folder [IsF] | Thuhuhuhu |
| is_user_reg [Isu] | Thuhuhuhu |
| reg_path [sf] | Softwahuhuhuhuhuhuhuhuhuhuhu |
| packet_size [b] | 5huhuhuhu |
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | j.exe |
| Full Name | j.exe |
| EntryPoint | System.Void j.A::main() |
| Scope Name | j.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v2.0.50727 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | j |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 214 |
| Main Method | System.Void j.A::main() |
| Main IL Instruction Count | 2 |
| Main IL | |
| Module Name | j.exe |
| Full Name | j.exe |
| EntryPoint | System.Void j.A::main() |
| Scope Name | j.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v2.0.50727 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | j |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 214 |
| Main Method | System.Void j.A::main() |
| Main IL Instruction Count | 2 |
| Main IL | |
CnC
CNCmalicious
36.tchuhuhuhuhuhuhu
Port
PORTmalicious
1huhuhuhu
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential