Malicious
308ef15b5e8f0662fc5c1c828c6c903a
PE Executable
MD5: 308ef15b5e8f0662fc5c1c828c6c903a
Size: 27.14 KB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan
Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.
AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score
Low
| MD5 | 308ef15b5e8f0662fc5c1c828c6c903a |
| Sha1 | 8377396347225864adea430e96e5db8103c7e40f |
| Sha256 | abca9cfafbc5165e73c2bb0ef24815c23a5f865a4c6a4eca61b2c17ec80c9ca7 |
| Sha384 | 661aa89396f3a988189ab23286d187300b0b9a06e9c9ca1c2ae90c8cce554c4efd661224f8e67c4940db1e2e12522bf7 |
| Sha512 | d2d5958d7c66cf6cc613d9fa8c0563372ff98cb17f67701757633aff403f63e93088624c9454733e52f6988cd1cc48f10790425a9412c97be379cfc622fc16ed |
| SSDeep | 384:ugSVEEMiNPWmvHtZARPn9jvH9qbuUshybQxnCJfJBndnjJGK3R:ugSVXFdt+zIbIBiBnnh |
| TLSH | DFC22B0833E4C576E2FD4ABE8C33D5008B75A55B9923D75A6FC490AD29237CD8A14FE4 |
STICH
beta
Structural Threat Infection Chain Hash
A content-independent fingerprint of the infection method: successive formats, internal objects and MITRE techniques from the initial file to each final payload.
STICH Path = the fingerprint (canonical chain with techniques)
STICH Shape = structure only
Only determinant branches produce STICH Paths.
Path
pe:exe>pe:rsrc>bin
Shape
pe:exe>pe:rsrc>bin
malicious
3 nodes
| Config. Field | Value |
|---|---|
| Key (AES_256) | Byhuhuhuhu |
| Pastebin | -huhuhuhu |
| Install | fhuhuhuhu |
| Install File | Tehuhuhuhu |
| Install-Folder | %huhuhuhu |
| Version | 0.huhuhuhu |
| Hosts | f8bhuhuhuhu |
| Ports | 4huhuhuhu |
| Mutex | Aphuhuhuhu |
| Delay | 0huhuhuhu |
| Group | NYhuhuhuhu |
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | PDB Path: C:\new\Client\obj\Debug\VIN88APP.pdb |
| Module Name | VIN88APP.exe |
| Full Name | VIN88APP.exe |
| EntryPoint | System.Void Client.Program::Main() |
| Scope Name | VIN88APP.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | VIN88APP |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.8 |
| Total Strings | 122 |
| Main Method | System.Void Client.Program::Main() |
| Main IL Instruction Count | 101 |
| Main IL | |
Key (AES_256)
MUTEXmalicious
Byhuhuhuhu
CnC
CNCmalicious
f8bhuhuhuhu
Ports
PORTmalicious
4huhuhuhu
Mutex
MUTEXmalicious
Aphuhuhuhu
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
| Config. Field | Value |
|---|---|
| Key (AES_256) | Byhuhuhuhu |
| Pastebin | -huhuhuhu |
| Install | fhuhuhuhu |
| Install File | Tehuhuhuhu |
| Install-Folder | %huhuhuhu |
| Version | 0.huhuhuhu |
| Hosts | f8bhuhuhuhu |
| Ports | 4huhuhuhu |
| Mutex | Aphuhuhuhu |
| Delay | 0huhuhuhu |
| Group | NYhuhuhuhu |
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
Key (AES_256)
MUTEXmalicious
Byhuhuhuhu
308ef15b5e8f0662fc5c1c828c6c903a
CnC
CNCmalicious
f8bhuhuhuhu
308ef15b5e8f0662fc5c1c828c6c903a
Ports
PORTmalicious
4huhuhuhu
308ef15b5e8f0662fc5c1c828c6c903a
Mutex
MUTEXmalicious
Aphuhuhuhu
308ef15b5e8f0662fc5c1c828c6c903a
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
You must be signed in to view YARA rules.