Malicious
Malicious

4081aaa83fe8d7c1383491351eb7296e

PE Executable
|
MD5: 4081aaa83fe8d7c1383491351eb7296e
|
Size: 49.15 KB
|
application/x-dosexec

Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
4081aaa83fe8d7c1383491351eb7296e
Sha1
1824aa46bf68a54f1185e86f43a9c8132470ec9c
Sha256
41c1346afc5bd376fb0132a236647a5b94c4eedc943ad40a8d4aee1a20f3e268
Sha384
28650001fd8f94e277183d8bfba1d88cc385986ac081886ecfb48cf21dc4e42cbbbb9d11eb6f5005cf7a8d6bf91f4f98
Sha512
40eea9e71d6894a0b6beb7092b48d195b284a743187bee15d571431aa1319a9b81fd61eb83c8808e3ceaddbeaeb86fadc7eae931a099b5385ea458a5fed4587d
SSDeep
768:uu201TwwL/dWUdN+3mo2qzeWnq1sE7fgPkJPInuW6UBD0bxoYO+SuOzjQyC/43lw:uu201TwQk2hWysE7IPBnufbxofeOXQyc
TLSH
2C233B003BE9812EF27E4F74A9F26145857AF2677603D64E2CC441D75A13FC68642AFE

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
4081aaa83fe8d7c1383491351eb7296e
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - AsyncRAT config.
Config. Field
 Value
Key (AES_256)

WlZpMEZoY0xuR2t5REI4M1VaUHFlQThDdUZTcFdJbFc=
Pastebin

-
Certificate

MIIE8jCCAtqgAwIBAgIQALZ70x25LR856+62fbSbtzANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjUxMTAyMDc1ODUyWhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAI0zxprtGLDWPnYO2M+cJqe2xlvh89hQPe72zwI0oo23Q6WByBFKRnJA83ZIcm4ulr0orDLyj/v2qp0XupkztScdbh/XtxcB4XcmtDkl87QWXskLlfvlIcrEPJxgpIXheubUl0vtmafHKh0EyC7S2JqW0gLWR2SRuBRuTYqmF5QPUW1BlSiInkBRN2JqXYT0qe2uFtlHtBm5orhXuSb6mubfXZELXhKfeO+ktlSwdsxnR4um/vuEqSij7EhSqRmgixOOz492RKF84Gz6xsI+wY8Utt6NOrZxwm+sphMK814yvdx47xqEWjioRDKaZM4HfhV7xinl5tvOcrc6w1rGmcLXeWGMgGUV11XXNCprhT1ZVEeQU+bIlumY/6ypJaJ1W7AwZvZ//Rycv+0iFkEcZFihoFdg2mdhk7MES7H9grz8dK1v34ZltErRuf1Aln8g3+j2r/6o5sg9RY8vHUfzNjY2ptH9vXyrfzuh941LxeH5/nVHDRCuHoCT0K1ux3b5JDpcC1sCvKnkVDIicudzfi0ZM11gQTw8JWzHPdjXxrTTcLeK5UNhwHo+AkM88qJeNTgPRpPic4H8krXDWPoxH0o6g5GDv8PNeQfREgD7f1kZIavoEfhKeGVsL3hC7Or2IPWkU/kCbFrW1JhugkO4aqjpIT0HgC/d55fbJloLLMwvAgMBAAGjMjAwMB0GA1UdDgQWBBQv+DQDQt5L3cCz/+unn7AQk1Uz0zAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQASf5PdoHa9Z2oGr3FyeUTT4fdNUobDdKXHjfajQ+D7m8ISoAZ98TVacfDYN4SUt0smdLfXPLMryZHmN4MSpA2BhTav7VI1Zo3ISxYOOb2gloIg08wY8zBT4e4VyOCfRjU0tOe95IkDs4MilljZHB/So+lDKm+6stKay3tLXq+rdZqWFEHGHstMp24k9jrcT69o1kZjfZGnc/g51dj66LvWKccwea5UfokRfB7UZ1AdkDT2MWZbunNTK4BpXRWvf9RfE3+vr7E3jYEpNKNYlsPRbyacnINOINU+fuuP5+APT+ipVomeCCgMPq2pTVB+21W4nM6H10eaXlAESfUfZYZEAbwo5pPI27GDCK7bd9RFKye+wIzPWNXrDrwZ1eMtPJptb2hSrJ21YPhv8a/0JnofDp+xVbfl4xH5+bbGVL2qBIPV0WefdjeeBouO016FDuFCm99oWCYJ3EXgRf9GSAIfIaqgTxdoPzirtd1VLM2BX4V47xlUpyYgRJ0/KI/yonK6/WzsrB9MzkPV6aVJ64bTGx97YuTE+4jcNQMBf0BK4PHKqDYFPdWKM1bcW9TDy5uPMl2KUejFcCfS2Q+pIdvvJGt4Yw13wcTLcwSbIVPgamBlOLetuvEm/ZOj70VdG0YbuTeBU30/pWFC3mlwr4ftnD/byRJ59dobqcdn3zfRFw==
ServerSignature

QVEhLCV8wHyMcZEyQYqsb+3gn7ndNw3VYvVlkFoNY+R2qn64I6ykZXRgQPPWisbhjg/5zWYR+mTRSVJT198xbNg1LQzF/hGNXV8TNv5flAs7B0bxKAroQE7BC/dzswEpASgYZTx6+fPxbB4B56mi1+Om119nFQyD0EoG5jYua7tl21gXuObAa9z+BAiTqiVTFbcbxPregOa85n5Xrki+tTs1qDDndX23kEZI3ANi3b8Yy0YflIcmJQBI7XSn7yaHjFl8Bli3WIwfXqsjueuLqqVqPOyq5Ukh4e/ihga947jg1d21kEjxoP4hxTPlfYvbqH2qUpXR1wsD4ACAds+TOjR2af31Y6X2Dkx78FTA/HtdOI4eAhOJ487s+oeDV+jTCvu9bbUWQHGlow8ERH5k2QoFnCrc4UqCbwbK2XtWCt3n3izyUxJgmRhyIObDDkMM+rE6JBTTZp6sOZB14eX4hvsE25O+2mhqNwBBOeJ0SXr1gpo55TCRxhvfccI5locIaVQvFwVktFNvDCwsyHwKZMNF1PNK16gGQ1tXQbntACeUm8yVPb85bHA/N9/0XMLrvmQ+iXT5ikoCRtC/jHZsJ887q3XyzbHbWv2fYklTG/3L4BgBEMj4heqLos2ZnBA01TrADacMHS5nuljH8iMQ3khdkUgjA9o+
Install

true
BDOS

false
Anti-VM

false
Install File

bedavasorgupaneli.exe
Install-Folder

%AppData%
Hosts

92.205.187.34
Mutex

teiZyYfZCVIa
Version

0.5.8
Delay

3
Group

Default
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

hQBVpzbZxg
Full Name

hQBVpzbZxg
EntryPoint

System.Void TqCbdvbOkoiFg.IIOMjEtFaisQW::Main()
Scope Name

hQBVpzbZxg
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

AsyncClient
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0,Profile=Client
Total Strings

120
Main Method

System.Void TqCbdvbOkoiFg.IIOMjEtFaisQW::Main()
Main IL Instruction Count

51
Main IL

ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String TqCbdvbOkoiFg.pEvRcnboUiUW::eOrKVRmjco call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000 call System.Boolean TqCbdvbOkoiFg.pEvRcnboUiUW::jLRNDKwqyHYZ() brtrue IL_0032: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean OUuNQYBxpD.CDqIKgryAZxQ::dwofgXCXKlebhNRn() brtrue IL_0043: ldsfld System.String TqCbdvbOkoiFg.pEvRcnboUiUW::WvKiedHxirsud ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String TqCbdvbOkoiFg.pEvRcnboUiUW::WvKiedHxirsud call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0057: ldsfld System.String TqCbdvbOkoiFg.pEvRcnboUiUW::UJTFrCiiFw call System.Void OUuNQYBxpD.HHlmLQvBIVGl::yCWmRGxCYohm() ldsfld System.String TqCbdvbOkoiFg.pEvRcnboUiUW::UJTFrCiiFw call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_006B: ldsfld System.String TqCbdvbOkoiFg.pEvRcnboUiUW::YUlRSbuuXO call System.Void yCRYhGcQmsKkwWck.HfkrQujdDzVKqmN::mqUkXODyNm() ldsfld System.String TqCbdvbOkoiFg.pEvRcnboUiUW::YUlRSbuuXO call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0089: call System.Void OUuNQYBxpD.jpOGplcRovYf::upYLNZBspFhFL() call System.Boolean OUuNQYBxpD.jpOGplcRovYf::dnZiOMZUwcXveH() brfalse IL_0089: call System.Void OUuNQYBxpD.jpOGplcRovYf::upYLNZBspFhFL() call System.Void OUuNQYBxpD.xxejNhiNCnvwh::mnwCKQeslM() call System.Void OUuNQYBxpD.jpOGplcRovYf::upYLNZBspFhFL() leave IL_0099: nop pop <null> leave IL_0099: nop nop <null> call System.Boolean RfXIpsHTggwf.QSfkMlCRgMJQsND::get_IsConnected() brtrue IL_00AE: leave IL_00B9 call System.Void RfXIpsHTggwf.QSfkMlCRgMJQsND::XXYLUPdbwfg() call System.Void RfXIpsHTggwf.QSfkMlCRgMJQsND::ApgfmSzskCgGj() leave IL_00B9: ldc.i4 5000 pop <null> leave IL_00B9: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0099: nop
Module Name

hQBVpzbZxg
Full Name

hQBVpzbZxg
EntryPoint

System.Void TqCbdvbOkoiFg.IIOMjEtFaisQW::Main()
Scope Name

hQBVpzbZxg
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

AsyncClient
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0,Profile=Client
Total Strings

120
Main Method

System.Void TqCbdvbOkoiFg.IIOMjEtFaisQW::Main()
Main IL Instruction Count

51
Main IL

ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String TqCbdvbOkoiFg.pEvRcnboUiUW::eOrKVRmjco call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000 call System.Boolean TqCbdvbOkoiFg.pEvRcnboUiUW::jLRNDKwqyHYZ() brtrue IL_0032: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean OUuNQYBxpD.CDqIKgryAZxQ::dwofgXCXKlebhNRn() brtrue IL_0043: ldsfld System.String TqCbdvbOkoiFg.pEvRcnboUiUW::WvKiedHxirsud ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String TqCbdvbOkoiFg.pEvRcnboUiUW::WvKiedHxirsud call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0057: ldsfld System.String TqCbdvbOkoiFg.pEvRcnboUiUW::UJTFrCiiFw call System.Void OUuNQYBxpD.HHlmLQvBIVGl::yCWmRGxCYohm() ldsfld System.String TqCbdvbOkoiFg.pEvRcnboUiUW::UJTFrCiiFw call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_006B: ldsfld System.String TqCbdvbOkoiFg.pEvRcnboUiUW::YUlRSbuuXO call System.Void yCRYhGcQmsKkwWck.HfkrQujdDzVKqmN::mqUkXODyNm() ldsfld System.String TqCbdvbOkoiFg.pEvRcnboUiUW::YUlRSbuuXO call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0089: call System.Void OUuNQYBxpD.jpOGplcRovYf::upYLNZBspFhFL() call System.Boolean OUuNQYBxpD.jpOGplcRovYf::dnZiOMZUwcXveH() brfalse IL_0089: call System.Void OUuNQYBxpD.jpOGplcRovYf::upYLNZBspFhFL() call System.Void OUuNQYBxpD.xxejNhiNCnvwh::mnwCKQeslM() call System.Void OUuNQYBxpD.jpOGplcRovYf::upYLNZBspFhFL() leave IL_0099: nop pop <null> leave IL_0099: nop nop <null> call System.Boolean RfXIpsHTggwf.QSfkMlCRgMJQsND::get_IsConnected() brtrue IL_00AE: leave IL_00B9 call System.Void RfXIpsHTggwf.QSfkMlCRgMJQsND::XXYLUPdbwfg() call System.Void RfXIpsHTggwf.QSfkMlCRgMJQsND::ApgfmSzskCgGj() leave IL_00B9: ldc.i4 5000 pop <null> leave IL_00B9: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0099: nop
Artefacts
Name
 Value
Key (AES_256)

WlZpMEZoY0xuR2t5REI4M1VaUHFlQThDdUZTcFdJbFc=
CnC

92.205.187.34
Mutex

teiZyYfZCVIa
4081aaa83fe8d7c1383491351eb7296e (49.15 KB)
File Structure
4081aaa83fe8d7c1383491351eb7296e
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Characteristics
Malware Configuration - AsyncRAT config.
Config. Field
 Value
Key (AES_256)

WlZpMEZoY0xuR2t5REI4M1VaUHFlQThDdUZTcFdJbFc=
Pastebin

-
Certificate

MIIE8jCCAtqgAwIBAgIQALZ70x25LR856+62fbSbtzANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjUxMTAyMDc1ODUyWhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAI0zxprtGLDWPnYO2M+cJqe2xlvh89hQPe72zwI0oo23Q6WByBFKRnJA83ZIcm4ulr0orDLyj/v2qp0XupkztScdbh/XtxcB4XcmtDkl87QWXskLlfvlIcrEPJxgpIXheubUl0vtmafHKh0EyC7S2JqW0gLWR2SRuBRuTYqmF5QPUW1BlSiInkBRN2JqXYT0qe2uFtlHtBm5orhXuSb6mubfXZELXhKfeO+ktlSwdsxnR4um/vuEqSij7EhSqRmgixOOz492RKF84Gz6xsI+wY8Utt6NOrZxwm+sphMK814yvdx47xqEWjioRDKaZM4HfhV7xinl5tvOcrc6w1rGmcLXeWGMgGUV11XXNCprhT1ZVEeQU+bIlumY/6ypJaJ1W7AwZvZ//Rycv+0iFkEcZFihoFdg2mdhk7MES7H9grz8dK1v34ZltErRuf1Aln8g3+j2r/6o5sg9RY8vHUfzNjY2ptH9vXyrfzuh941LxeH5/nVHDRCuHoCT0K1ux3b5JDpcC1sCvKnkVDIicudzfi0ZM11gQTw8JWzHPdjXxrTTcLeK5UNhwHo+AkM88qJeNTgPRpPic4H8krXDWPoxH0o6g5GDv8PNeQfREgD7f1kZIavoEfhKeGVsL3hC7Or2IPWkU/kCbFrW1JhugkO4aqjpIT0HgC/d55fbJloLLMwvAgMBAAGjMjAwMB0GA1UdDgQWBBQv+DQDQt5L3cCz/+unn7AQk1Uz0zAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQASf5PdoHa9Z2oGr3FyeUTT4fdNUobDdKXHjfajQ+D7m8ISoAZ98TVacfDYN4SUt0smdLfXPLMryZHmN4MSpA2BhTav7VI1Zo3ISxYOOb2gloIg08wY8zBT4e4VyOCfRjU0tOe95IkDs4MilljZHB/So+lDKm+6stKay3tLXq+rdZqWFEHGHstMp24k9jrcT69o1kZjfZGnc/g51dj66LvWKccwea5UfokRfB7UZ1AdkDT2MWZbunNTK4BpXRWvf9RfE3+vr7E3jYEpNKNYlsPRbyacnINOINU+fuuP5+APT+ipVomeCCgMPq2pTVB+21W4nM6H10eaXlAESfUfZYZEAbwo5pPI27GDCK7bd9RFKye+wIzPWNXrDrwZ1eMtPJptb2hSrJ21YPhv8a/0JnofDp+xVbfl4xH5+bbGVL2qBIPV0WefdjeeBouO016FDuFCm99oWCYJ3EXgRf9GSAIfIaqgTxdoPzirtd1VLM2BX4V47xlUpyYgRJ0/KI/yonK6/WzsrB9MzkPV6aVJ64bTGx97YuTE+4jcNQMBf0BK4PHKqDYFPdWKM1bcW9TDy5uPMl2KUejFcCfS2Q+pIdvvJGt4Yw13wcTLcwSbIVPgamBlOLetuvEm/ZOj70VdG0YbuTeBU30/pWFC3mlwr4ftnD/byRJ59dobqcdn3zfRFw==
ServerSignature

QVEhLCV8wHyMcZEyQYqsb+3gn7ndNw3VYvVlkFoNY+R2qn64I6ykZXRgQPPWisbhjg/5zWYR+mTRSVJT198xbNg1LQzF/hGNXV8TNv5flAs7B0bxKAroQE7BC/dzswEpASgYZTx6+fPxbB4B56mi1+Om119nFQyD0EoG5jYua7tl21gXuObAa9z+BAiTqiVTFbcbxPregOa85n5Xrki+tTs1qDDndX23kEZI3ANi3b8Yy0YflIcmJQBI7XSn7yaHjFl8Bli3WIwfXqsjueuLqqVqPOyq5Ukh4e/ihga947jg1d21kEjxoP4hxTPlfYvbqH2qUpXR1wsD4ACAds+TOjR2af31Y6X2Dkx78FTA/HtdOI4eAhOJ487s+oeDV+jTCvu9bbUWQHGlow8ERH5k2QoFnCrc4UqCbwbK2XtWCt3n3izyUxJgmRhyIObDDkMM+rE6JBTTZp6sOZB14eX4hvsE25O+2mhqNwBBOeJ0SXr1gpo55TCRxhvfccI5locIaVQvFwVktFNvDCwsyHwKZMNF1PNK16gGQ1tXQbntACeUm8yVPb85bHA/N9/0XMLrvmQ+iXT5ikoCRtC/jHZsJ887q3XyzbHbWv2fYklTG/3L4BgBEMj4heqLos2ZnBA01TrADacMHS5nuljH8iMQ3khdkUgjA9o+
Install

true
BDOS

false
Anti-VM

false
Install File

bedavasorgupaneli.exe
Install-Folder

%AppData%
Hosts

92.205.187.34
Mutex

teiZyYfZCVIa
Version

0.5.8
Delay

3
Group

Default
Artefacts
Name
 Value Location
Key (AES_256)

WlZpMEZoY0xuR2t5REI4M1VaUHFlQThDdUZTcFdJbFc=

Malicious

4081aaa83fe8d7c1383491351eb7296e
CnC

92.205.187.34

Malicious

4081aaa83fe8d7c1383491351eb7296e
Mutex

teiZyYfZCVIa

Malicious

4081aaa83fe8d7c1383491351eb7296e
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙