Malicious
PE Executable
MD5: 2f577ce224d2311a841d8d76abb63b70
Size: 24.06 KB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan
Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.
AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score
Low
| MD5 | 2f577ce224d2311a841d8d76abb63b70 |
| Sha1 | e8c9bae6dcae34bfb51c0073d89b7f2d944f68c6 |
| Sha256 | 4e5c8cedafeb1be4d6d1719cc913d5e13666c8b67e23e0c29f94baff0c00ce45 |
| Sha384 | b1421f53b459606616193995099912e17a3ddfdee1b8b1c4f3bb70e93ba2fe41f4bf77a3a46701b01193c244aaf256ae |
| Sha512 | a30103c0a9dabd2c8016f2a3686fc837831f1db23ee8ff0aef075a026b0bc531cdaea569a6961b35644605c127adb0323c85c85454d4211e8ec89e7cd073c0b4 |
| SSDeep | 384:o8aLWS0dABLYVq6RxP8MDFF09vK563gRMmJKUv0mRvR6JZlbw8hqIusZzZLc:nXcwt3tRpcnun |
| TLSH | 5EB21A4E3FA98856D5AC1B748AB5965003B4D1470423EE2FCCC464DBAFB36D92D4CAF8 |
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NET
STICH
beta
Structural Threat Infection Chain Hash
A content-independent fingerprint of the infection method: successive formats, internal objects and MITRE techniques from the initial file to each final payload.
STICH Path = the fingerprint (canonical chain with techniques)
STICH Shape = structure only
Only determinant branches produce STICH Paths.
Path
pe:exe>pe:rsrc>bin
Shape
pe:exe>pe:rsrc>bin
malicious
3 nodes
| Config. Field | Value |
|---|---|
| victim_name [VN] | Hahuhuhuhu |
| version [VR] | 0huhuhuhu |
| executable_name [EXE] | serhuhuhuhu |
| directory [DR] | Thuhuhuhu |
| reg_key [RG] | 62a1e7huhuhuhuhuhuhuhuhuhuhu |
| cnc_host [H] | 127huhuhuhu |
| cnc_port [P] | 9huhuhuhu |
| splitter [Y] | |huhuhuhu |
| BD [BD] | Fhuhuhuhu |
| is_dir_defined [Idr] | Thuhuhuhu |
| is_startup_folder [IsF] | Fhuhuhuhu |
| is_user_reg [Isu] | Thuhuhuhu |
| reg_path [sf] | Softwahuhuhuhuhuhuhuhuhuhuhu |
| packet_size [b] | 5huhuhuhu |
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | j.exe |
| Full Name | j.exe |
| EntryPoint | System.Void j.A::main() |
| Scope Name | j.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v2.0.50727 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | j |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 214 |
| Main Method | System.Void j.A::main() |
| Main IL Instruction Count | 2 |
| Main IL | |
| Module Name | j.exe |
| Full Name | j.exe |
| EntryPoint | System.Void j.A::main() |
| Scope Name | j.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v2.0.50727 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | j |
| Assembly Version | 0.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | <null> |
| Total Strings | 214 |
| Main Method | System.Void j.A::main() |
| Main IL Instruction Count | 2 |
| Main IL | |
CnC
CNCmalicious
127huhuhuhu
Port
PORTmalicious
9huhuhuhu
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential