Malicious
Malicious

2f577ce224d2311a841d8d76abb63b70

Share on LinkedIn
Print
PE Executable
MD5: 2f577ce224d2311a841d8d76abb63b70
Size: 24.06 KB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score Low
MD5 2f577ce224d2311a841d8d76abb63b70
Sha1 e8c9bae6dcae34bfb51c0073d89b7f2d944f68c6
Sha256 4e5c8cedafeb1be4d6d1719cc913d5e13666c8b67e23e0c29f94baff0c00ce45
Sha384 b1421f53b459606616193995099912e17a3ddfdee1b8b1c4f3bb70e93ba2fe41f4bf77a3a46701b01193c244aaf256ae
Sha512 a30103c0a9dabd2c8016f2a3686fc837831f1db23ee8ff0aef075a026b0bc531cdaea569a6961b35644605c127adb0323c85c85454d4211e8ec89e7cd073c0b4
SSDeep 384:o8aLWS0dABLYVq6RxP8MDFF09vK563gRMmJKUv0mRvR6JZlbw8hqIusZzZLc:nXcwt3tRpcnun
TLSH 5EB21A4E3FA98856D5AC1B748AB5965003B4D1470423EE2FCCC464DBAFB36D92D4CAF8
PeID
.NET executableMicrosoft Visual C# / Basic .NETMicrosoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL Microsoft Visual C# v7.0 / Basic .NETMicrosoft Visual Studio .NET
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
STICH beta Structural Threat Infection Chain Hash

A content-independent fingerprint of the infection method: successive formats, internal objects and MITRE techniques from the initial file to each final payload.

STICH Path = the fingerprint (canonical chain with techniques) STICH Shape = structure only Only determinant branches produce STICH Paths.
Path pe:exe>pe:rsrc>bin
Shape pe:exe>pe:rsrc>bin
malicious 3 nodes
Config. Field Value
victim_name [VN] Hahuhuhuhu
version [VR] 0huhuhuhu
executable_name [EXE] serhuhuhuhu
directory [DR] Thuhuhuhu
reg_key [RG] 62a1e7huhuhuhuhuhuhuhuhuhuhu
cnc_host [H] 127huhuhuhu
cnc_port [P] 9huhuhuhu
splitter [Y] |huhuhuhu
BD [BD] Fhuhuhuhu
is_dir_defined [Idr] Thuhuhuhu
is_startup_folder [IsF] Fhuhuhuhu
is_user_reg [Isu] Thuhuhuhu
reg_path [sf] Softwahuhuhuhuhuhuhuhuhuhuhu
packet_size [b] 5huhuhuhu
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
Name Value
Info
PE Detect: PeReader OK (file layout)
Module Name
j.exe
Full Name
j.exe
EntryPoint
System.Void j.A::main()
Scope Name
j.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v2.0.50727
Tables Header Version
512
WinMD Version
<null>
Assembly Name
j
Assembly Version
0.0.0.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
<null>
Total Strings
214
Main Method
System.Void j.A::main()
Main IL Instruction Count
2
Main IL
call System.Void j.OK::ko()
ret <null>
Module Name
j.exe
Full Name
j.exe
EntryPoint
System.Void j.A::main()
Scope Name
j.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v2.0.50727
Tables Header Version
512
WinMD Version
<null>
Assembly Name
j
Assembly Version
0.0.0.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
<null>
Total Strings
214
Main Method
System.Void j.A::main()
Main IL Instruction Count
2
Main IL
call System.Void j.OK::ko()
ret <null>
CnC CNCmalicious
127huhuhuhu
Port PORTmalicious
9huhuhuhu
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
An error has occurred. This application may no longer respond until reloaded. Reload 🗙