Malicious
2f577ce224d2311a841d8d76abb63b70
PE Executable
MD5: 2f577ce224d2311a841d8d76abb63b70
Size: 24.06 KB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan
Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.
AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score
Low
| MD5 | 2f577ce224d2311a841d8d76abb63b70 |
| Sha1 | e8c9bae6dcae34bfb51c0073d89b7f2d944f68c6 |
| Sha256 | 4e5c8cedafeb1be4d6d1719cc913d5e13666c8b67e23e0c29f94baff0c00ce45 |
| Sha384 | b1421f53b459606616193995099912e17a3ddfdee1b8b1c4f3bb70e93ba2fe41f4bf77a3a46701b01193c244aaf256ae |
| Sha512 | a30103c0a9dabd2c8016f2a3686fc837831f1db23ee8ff0aef075a026b0bc531cdaea569a6961b35644605c127adb0323c85c85454d4211e8ec89e7cd073c0b4 |
| SSDeep | 384:o8aLWS0dABLYVq6RxP8MDFF09vK563gRMmJKUv0mRvR6JZlbw8hqIusZzZLc:nXcwt3tRpcnun |
| TLSH | 5EB21A4E3FA98856D5AC1B748AB5965003B4D1470423EE2FCCC464DBAFB36D92D4CAF8 |
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NET
STICH
beta
Structural Threat Infection Chain Hash
A content-independent fingerprint of the infection method: successive formats, internal objects and MITRE techniques from the initial file to each final payload.
STICH Path = the fingerprint (canonical chain with techniques)
STICH Shape = structure only
Only determinant branches produce STICH Paths.
Path
pe:exe>pe:rsrc>bin
Shape
pe:exe>pe:rsrc>bin
malicious
3 nodes
| Config. Field | Value |
|---|---|
| victim_name [VN] | Hahuhuhuhu |
| version [VR] | 0huhuhuhu |
| executable_name [EXE] | serhuhuhuhu |
| directory [DR] | Thuhuhuhu |
| reg_key [RG] | 62a1e7huhuhuhuhuhuhuhuhuhuhu |
| cnc_host [H] | 127huhuhuhu |
| cnc_port [P] | 9huhuhuhu |
| splitter [Y] | |huhuhuhu |
| BD [BD] | Fhuhuhuhu |
| is_dir_defined [Idr] | Thuhuhuhu |
| is_startup_folder [IsF] | Fhuhuhuhu |
| is_user_reg [Isu] | Thuhuhuhu |
| reg_path [sf] | Softwahuhuhuhuhuhuhuhuhuhuhu |
| packet_size [b] | 5huhuhuhu |
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | j.exe |
| Full Name | j.exe |
| EntryPoint | System.Void j.A::main() |
| Scope Name | j.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v2.0.50727 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | j |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 214 |
| Main Method | System.Void j.A::main() |
| Main IL Instruction Count | 2 |
| Main IL | |
| Module Name | j.exe |
| Full Name | j.exe |
| EntryPoint | System.Void j.A::main() |
| Scope Name | j.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v2.0.50727 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | j |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 214 |
| Main Method | System.Void j.A::main() |
| Main IL Instruction Count | 2 |
| Main IL | |
CnC
CNCmalicious
127huhuhuhu
Port
PORTmalicious
9huhuhuhu
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
| Config. Field | Value |
|---|---|
| victim_name [VN] | Hahuhuhuhu |
| version [VR] | 0huhuhuhu |
| executable_name [EXE] | serhuhuhuhu |
| directory [DR] | Thuhuhuhu |
| reg_key [RG] | 62a1e7huhuhuhuhuhuhuhuhuhuhu |
| cnc_host [H] | 127huhuhuhu |
| cnc_port [P] | 9huhuhuhu |
| splitter [Y] | |huhuhuhu |
| BD [BD] | Fhuhuhuhu |
| is_dir_defined [Idr] | Thuhuhuhu |
| is_startup_folder [IsF] | Fhuhuhuhu |
| is_user_reg [Isu] | Thuhuhuhu |
| reg_path [sf] | Softwahuhuhuhuhuhuhuhuhuhuhu |
| packet_size [b] | 5huhuhuhu |
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
CnC
CNCmalicious
127huhuhuhu
2f577ce224d2311a841d8d76abb63b70
Port
PORTmalicious
9huhuhuhu
2f577ce224d2311a841d8d76abb63b70
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
You must be signed in to view YARA rules.