Malicious

3b54f597c86314f96f5578da50c6eb42

PE Executable | MD5: 3b54f597c86314f96f5578da50c6eb42 | Size: 48.64 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Low

Hashes

MD5:    3b54f597c86314f96f5578da50c6eb42
SHA1:   813ffc834d95028d9363877e9177022239957a12
SHA256: 16b0ddebe96ddefa27bc4a558e512a9e4d571f848dcc19e7cc4e144a8aa4a3ce
SHA384: d484691ad7a33872d93c7a0862ba7630a3a7f0e240554402ccf4c4c9930af520e4be0172d37163aa0fe62099047a145b
SHA512: 2b7acd52a458edcca44d1116e14d677746f486be8df163eb041fe1eb48e85a5b262be455fbff70f2caee32b9f364d0f27a56b04c90ec9da8188d5f3302ee4c3f
SSDeep: 768:AseYmfC0mCcvenc32fqNz6A5RyIvrR4Aeb1ngUptWcTprAK8RccQrWBNNR:lCcS02fkzNRbF4xbuU3XTprvYcT2NR
TLSH:   BB232A143BE95216E2FE8F7999F11545CABAF6132502E74F1CC002DE4A23FC6DA127E6
File Structure

DosHeader
PE Header
Optional Header (x86)
Section Headers
    .text
    .rsrc
    .reloc
Resources
    RT_VERSION
        ID:0001
            ID:0
    RT_MANIFEST
        ID:0001
            ID:0
Malware Configuration - AsyncRAT config

Key (AES_256):   b2gwVnJVUFNLNlRFY3VIeEd1N1owNFhyY2JBOE13Ymk=
Pastebin:        -
Certificate:     (blob removed)
ServerSignature: (blob removed)
Install:         true
BDOS:            false
Anti-VM:         true
Install File:    gClient.exe
Install-Folder:  %AppData%
Hosts:           livecdnem.com,www.livecdnem.com,xoilac.livecdnem.com,www.xoilac.livecdnem.com,xlz.livecdnem.com,www.xlz.livecdnem.com,91p.livecdnem.com,www.91p.livecdnem.com,ck.livecdnem.com,www.ck.livecdnem.com,xl365.livecdnem.com,www.xl365.livecdnem.com,soco.livecdnem.com,www.soco.livecdnem.com,xlvi.livecdnem.com,www.xlvi.livecdnem.com
Ports:           25,80,443,8443
Mutex:           lM9F7Ezcu9e3
Version:         0.5.8
Delay:           9

Information

Info:                      PE Detect: PeReader OK (file layout)
Info:                      PDB Path: C:\Users\vboxuser\Desktop\SourceDecode\gatex\obj\Release\net481\gClient.pdb
Module Name:               gClient.exe
Full Name:                 gClient.exe
EntryPoint:                System.Void Client.Program::Main()
Scope Name:                gClient.exe
Scope Type:                ModuleDef
Kind:                      Windows
Runtime Version:           v4.0.30319
Tables Header Version:     512
WinMD Version:             <null>
Assembly Name:             gClient
Assembly Version:          1.0.0.0
Assembly Culture:          <null>
Has PublicKey:             False
PublicKey Token:           <null>
Target Framework:          .NETFramework,Version=v4.8.1
Total Strings:             128
Main Method:               System.Void Client.Program::Main()
Main IL Instruction Count: 69

Main IL (one instruction per line; branch operands show the target label followed by the instruction at that label):

    ldc.i4.0 <null>
    stloc.0 <null>
    br.s IL_0012: ldloc.0
    ldc.i4 1000
    call System.Void System.Threading.Thread::Sleep(System.Int32)
    ldloc.0 <null>
    ldc.i4.1 <null>
    add <null>
    stloc.0 <null>
    ldloc.0 <null>
    ldsfld System.String Client.Settings::Delay
    call System.Int32 System.Convert::ToInt32(System.String)
    blt.s IL_0004: ldc.i4 1000
    call System.Boolean Client.Settings::InitializeSettings()
    brtrue.s IL_002C: nop
    ldc.i4.0 <null>
    call System.Void System.Environment::Exit(System.Int32)
    nop <null>
    call System.Boolean Client.Helper.MutexControl::CreateMutex()
    brtrue.s IL_003E: ldsfld System.String Client.Settings::Anti
    ldstr Mutex already exists or cannot be created.
    call System.Void System.Console::WriteLine(System.String)
    ldsfld System.String Client.Settings::Anti
    call System.Boolean System.Convert::ToBoolean(System.String)
    brfalse.s IL_004F: ldsfld System.String Client.Settings::Install
    call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis()
    ldsfld System.String Client.Settings::Install
    call System.Boolean System.Convert::ToBoolean(System.String)
    brfalse.s IL_009D: ldsfld System.String Client.Settings::BDOS
    call System.Void Client.Install.NormalStartup::Install()
    leave.s IL_009D: ldsfld System.String Client.Settings::BDOS
    stloc.1 <null>
    ldstr Win32Exception caught: {0} - {1}
    ldloc.1 <null>
    callvirt System.Int32 System.ComponentModel.Win32Exception::get_NativeErrorCode()
    box System.Int32
    ldloc.1 <null>
    callvirt System.String System.Exception::get_Message()
    call System.String System.String::Format(System.String,System.Object,System.Object)
    call System.Void System.Console::WriteLine(System.String)
    leave.s IL_009D: ldsfld System.String Client.Settings::BDOS
    stloc.2 <null>
    ldstr Other exception:
    ldloc.2 <null>
    callvirt System.String System.Exception::get_Message()
    call System.String System.String::Concat(System.String,System.String)
    call System.Void System.Console::WriteLine(System.String)
    leave.s IL_009D: ldsfld System.String Client.Settings::BDOS
    ldsfld System.String Client.Settings::BDOS
    call System.Boolean System.Convert::ToBoolean(System.String)
    brfalse.s IL_00B5: call System.Void Client.Helper.Methods::PreventSleep()
    call System.Boolean Client.Helper.Methods::IsAdmin()
    brfalse.s IL_00B5: call System.Void Client.Helper.Methods::PreventSleep()
    call System.Void Client.Helper.ProcessCritical::Set()
    call System.Void Client.Helper.Methods::PreventSleep()
    leave.s IL_00BF: nop
    pop <null>
    leave.s IL_00BF: nop
    nop <null>
    call System.Boolean Client.Connection.ClientSocket::get_IsConnected()
    brtrue.s IL_00D1: leave.s IL_00D6
    call System.Void Client.Connection.ClientSocket::Reconnect()
    call System.Void Client.Connection.ClientSocket::InitializeClient()
    leave.s IL_00D6: ldc.i4 5000
    pop <null>
    leave.s IL_00D6: ldc.i4 5000
    ldc.i4 5000
    call System.Void System.Threading.Thread::Sleep(System.Int32)
    br.s IL_00BF: nop

Artefacts

Key (AES_256): b2gwVnJVUFNLNlRFY3VIeEd1N1owNFhyY2JBOE13Ymk=
CnC:           livecdnem.com
CnC:           www.livecdnem.com
CnC:           xoilac.livecdnem.com
CnC:           www.xoilac.livecdnem.com
CnC:           xlz.livecdnem.com
CnC:           www.xlz.livecdnem.com
CnC:           91p.livecdnem.com
CnC:           www.91p.livecdnem.com
CnC:           ck.livecdnem.com
CnC:           www.ck.livecdnem.com
CnC:           xl365.livecdnem.com
CnC:           www.xl365.livecdnem.com
CnC:           soco.livecdnem.com
CnC:           www.soco.livecdnem.com
CnC:           xlvi.livecdnem.com
CnC:           www.xlvi.livecdnem.com
Ports:         25
Ports:         80
Ports:         443
Ports:         8443
Mutex:         lM9F7Ezcu9e3
