Malicious
Malicious

308ef15b5e8f0662fc5c1c828c6c903a

Share on LinkedIn
Print
PE Executable
MD5: 308ef15b5e8f0662fc5c1c828c6c903a
Size: 27.14 KB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score Low
MD5 308ef15b5e8f0662fc5c1c828c6c903a
Sha1 8377396347225864adea430e96e5db8103c7e40f
Sha256 abca9cfafbc5165e73c2bb0ef24815c23a5f865a4c6a4eca61b2c17ec80c9ca7
Sha384 661aa89396f3a988189ab23286d187300b0b9a06e9c9ca1c2ae90c8cce554c4efd661224f8e67c4940db1e2e12522bf7
Sha512 d2d5958d7c66cf6cc613d9fa8c0563372ff98cb17f67701757633aff403f63e93088624c9454733e52f6988cd1cc48f10790425a9412c97be379cfc622fc16ed
SSDeep 384:ugSVEEMiNPWmvHtZARPn9jvH9qbuUshybQxnCJfJBndnjJGK3R:ugSVXFdt+zIbIBiBnnh
TLSH DFC22B0833E4C576E2FD4ABE8C33D5008B75A55B9923D75A6FC490AD29237CD8A14FE4
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
STICH beta Structural Threat Infection Chain Hash

A content-independent fingerprint of the infection method: successive formats, internal objects and MITRE techniques from the initial file to each final payload.

STICH Path = the fingerprint (canonical chain with techniques) STICH Shape = structure only Only determinant branches produce STICH Paths.
Path pe:exe>pe:rsrc>bin
Shape pe:exe>pe:rsrc>bin
malicious 3 nodes
Config. Field Value
Key (AES_256) Byhuhuhuhu
Pastebin -huhuhuhu
Install fhuhuhuhu
Install File Tehuhuhuhu
Install-Folder %huhuhuhu
Version 0.huhuhuhu
Hosts f8bhuhuhuhu
Ports 4huhuhuhu
Mutex Aphuhuhuhu
Delay 0huhuhuhu
Group NYhuhuhuhu
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
Name Value
Info
PE Detect: PeReader OK (file layout)
Info
PDB Path: C:\new\Client\obj\Debug\VIN88APP.pdb
Module Name
VIN88APP.exe
Full Name
VIN88APP.exe
EntryPoint
System.Void Client.Program::Main()
Scope Name
VIN88APP.exe
Scope Type
ModuleDef
Kind
Windows
Runtime Version
v4.0.30319
Tables Header Version
512
WinMD Version
<null>
Assembly Name
VIN88APP
Assembly Version
1.0.0.0
Assembly Culture
<null>
Has PublicKey
False
PublicKey Token
<null>
Target Framework
.NETFramework,Version=v4.8
Total Strings
122
Main Method
System.Void Client.Program::Main()
Main IL Instruction Count
101
Main IL
nop <null>
ldc.i4.0 <null>
stloc.0 <null>
br.s IL_0016: ldloc.0
nop <null>
ldc.i4 1000
call System.Void System.Threading.Thread::Sleep(System.Int32)
nop <null>
nop <null>
ldloc.0 <null>
ldc.i4.1 <null>
add <null>
stloc.0 <null>
ldloc.0 <null>
ldsfld System.String Client.Settings::Delay
call System.Int32 System.Convert::ToInt32(System.String)
clt <null>
stloc.1 <null>
ldloc.1 <null>
brtrue.s IL_0005: nop
call System.Boolean Client.Settings::InitializeSettings()
ldc.i4.0 <null>
ceq <null>
stloc.2 <null>
ldloc.2 <null>
brfalse.s IL_003A: nop
ldc.i4.0 <null>
call System.Void System.Environment::Exit(System.Int32)
nop <null>
nop <null>
nop <null>
call System.Boolean Client.Helper.MutexControl::CreateMutex()
ldc.i4.0 <null>
ceq <null>
stloc.3 <null>
ldloc.3 <null>
brfalse.s IL_004F: ldsfld System.String Client.Settings::Anti
ldc.i4.0 <null>
call System.Void System.Environment::Exit(System.Int32)
nop <null>
ldsfld System.String Client.Settings::Anti
call System.Boolean System.Convert::ToBoolean(System.String)
stloc.s V_4
ldloc.s V_4
brfalse.s IL_0065: ldsfld System.String Client.Settings::Install
call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis()
nop <null>
ldsfld System.String Client.Settings::Install
call System.Boolean System.Convert::ToBoolean(System.String)
stloc.s V_5
ldloc.s V_5
brfalse.s IL_007B: ldsfld System.String Client.Settings::BDOS
call System.Void Client.Install.NormalStartup::Install()
nop <null>
ldsfld System.String Client.Settings::BDOS
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse.s IL_008E: ldc.i4.0
call System.Boolean Client.Helper.Methods::IsAdmin()
br.s IL_008F: stloc.s V_6
ldc.i4.0 <null>
stloc.s V_6
ldloc.s V_6
brfalse.s IL_009B: call System.Void Client.Helper.Methods::PreventSleep()
call System.Void Client.Helper.ProcessCritical::Set()
nop <null>
call System.Void Client.Helper.Methods::PreventSleep()
nop <null>
nop <null>
leave.s IL_00A9: br.s IL_00DD
pop <null>
nop <null>
nop <null>
leave.s IL_00A9: br.s IL_00DD
br.s IL_00DD: ldc.i4.1
nop <null>
nop <null>
call System.Boolean Client.Connection.ClientSocket::get_IsConnected()
ldc.i4.0 <null>
ceq <null>
stloc.s V_7
ldloc.s V_7
brfalse.s IL_00C9: nop
nop <null>
call System.Void Client.Connection.ClientSocket::Reconnect()
nop <null>
call System.Void Client.Connection.ClientSocket::InitializeClient()
nop <null>
nop <null>
nop <null>
leave.s IL_00D1: ldc.i4 5000
pop <null>
nop <null>
nop <null>
leave.s IL_00D1: ldc.i4 5000
ldc.i4 5000
call System.Void System.Threading.Thread::Sleep(System.Int32)
nop <null>
nop <null>
ldc.i4.1 <null>
stloc.s V_8
br.s IL_00AB: nop
Key (AES_256) MUTEXmalicious
Byhuhuhuhu
CnC CNCmalicious
f8bhuhuhuhu
Ports PORTmalicious
4huhuhuhu
Mutex MUTEXmalicious
Aphuhuhuhu
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
An error has occurred. This application may no longer respond until reloaded. Reload 🗙