Malicious

27e6a6b67007ffa73aa4efc766dcdfd9

PE Executable | MD5: 27e6a6b67007ffa73aa4efc766dcdfd9 | Size: 77.82 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: High

Hash
MD5: 27e6a6b67007ffa73aa4efc766dcdfd9
Sha1: de7bd2aebb658724f4ee4fcd4dbab627b786f28b
Sha256: b60e9d25fa67a6abff4209e4419b52250e447b986f8ad459113c874bc72f676c
Sha384: 266b173fd5b0ab1e1d5d631184fcee2640935c829633b3056c1e702e6c0e49bea034ef92e6e931fcbb15f8324b3263bb
Sha512: 66a4ae7f2add696623a3da2464d10d0c2e557aae312088229c41bd7a22ba059f18b8dcd00cf8d2b230156f59dd559a6dd37992ecd80a953a65849d47dd510a7f
SSDeep: 1536:1dH0MJaSaVr5MDainKAGXDCaw+ovnBJC:7HHJa/Vr1inB3/+CnBJC
TLSH: 8D733B18BBEBC526E1ED9A7589E113054335D3563603DB4F2CC8039A4F23BC79F4669A

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
  Resources
    RT_VERSION
      ID:0001
        ID:0
.Net Resources
  Client.g.resources
  aR3nbf8dQp2feLmk31.lSfgApatkdxsVcGcrktoFd.resources
  $this.Icon
  [NBF]root.IconData
  progressBar1.Modifiers
  $this.Language
  $this.GridSize
Malware Configuration - AsyncRAT config.
Key (AES_256): bTZIUEExOThPbVc4NTEwZHpUcmZhMmNiT3Fua01YdzQ=
Pastebin: -
Certificate:
ServerSignature:
Install: false
BDOS: false
Anti-VM: false
Install-Folder: %AppData%
Version: 0.5.7B
Hosts: ricardocuellar401020.duckdns.org
Ports: 5080
Mutex: AsyncMutex_6SI8O
Delay: 3
Group: ZCUELLAR

Information
Info: PE Detect: PeReader OK (file layout)
Module Name: SERVERZCUELLAR.exe
Full Name: SERVERZCUELLAR.exe
EntryPoint: System.Void <PrivateImplementationDetails>{C9D51624-7BE3-4530-BBD7-5A7744545664}::Main()
Scope Name: SERVERZCUELLAR.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: SERVERZCUELLAR
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 135
Main Method: System.Void <PrivateImplementationDetails>{C9D51624-7BE3-4530-BBD7-5A7744545664}::Main()
Main IL Instruction Count: 3
Main IL:
  call System.Void hyBi4B7CHOZ0PcM2da.BrEOWILUFmZ9AtRTw7::lLHifFIsCLsZtjvFfN0i()
  call System.Void Client.Program::Main()
  ret


Artefacts
All four artefacts were extracted from 27e6a6b67007ffa73aa4efc766dcdfd9 (classified Malicious).
Key (AES_256): bTZIUEExOThPbVc4NTEwZHpUcmZhMmNiT3Fua01YdzQ=
CnC: ricardocuellar401020.duckdns.org
Ports: 5080
Mutex: AsyncMutex_6SI8O

