Malicious

425aa54937decaf828a7e67c3cae745a

PE Executable | MD5: 425aa54937decaf828a7e67c3cae745a | Size: 174.08 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Low

Hashes

MD5: 425aa54937decaf828a7e67c3cae745a
SHA1: e446e560897ca38dbd42e6d4e0ad445bd70fbd67
SHA256: a998e142ad51d807c2aee6d835e12d494afc93f402559f7bbe0a3b18310f4652
SHA384: fd2d44b770c9107fb23ee4fc5bde2c0babcfd1992ecc627cd185c20de0f9572b44b54bd258e866d6241dc1e828772c93
SHA512: de079f76837f7e5e8147135249b58c7fa0da0eed23ced031af32705a60b63bfa4c01f3f91a00fc8018541f9edc26c56997f2295cc74a2a6285c30a26987a3ed6
SSDeep: 3072:C+STW8djpN6izj8mZwDXP646U+UcoBU041k/SkQqIPu8i9b3J2cX4x6+Wpf:/8XN6W8mmm7kQXPJi9b5a
TLSH: 74044A1437E85A19E3FF8FB8F4B002268B72B8236513E76F199558EE1D62744E450BB3

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure

DosHeader
PE Header
Optional Header (x86)
Section Headers
  .text
  .rsrc
  .reloc
Resources
  RT_VERSION
    ID:0001
      ID:0
  RT_MANIFEST
    ID:0001
      ID:0
Malware Configuration - AsyncRAT config.

Key (AES_256): b1pZaWhNMDFjc3JSdWk2WEhkR2xoVThJMjdnc2hxMGY=
Pastebin: -
Certificate: (base64-encoded certificate blob omitted)
ServerSignature: (value omitted)
Install: false
BDOS: false
Anti-VM: false
Install-Folder: %AppData%
Hosts: 127.0.0.1
Ports: 6606,7707,8808
Mutex: AsyncMutex_6SI8OkPnk
Delay: 3
Group: 8610932651

Information

Info: PE Detect: PeReader OK (file layout)
Module Name: MatchaOPCRACK.exe
Full Name: MatchaOPCRACK.exe
EntryPoint: System.Void Client.Program::Main()
Scope Name: MatchaOPCRACK.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: MatchaOPCRACK
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.5
Total Strings: 1746
Main Method: System.Void Client.Program::Main()
Main IL Instruction Count: 58
Main IL (one instruction per line; branch operands are shown as the target offset followed by the instruction at that offset):

ldc.i4.1 <null>
call System.Void System.Net.ServicePointManager::set_Expect100Continue(System.Boolean)
ldc.i4 3072
call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType)
ldc.i4.0 <null>
stloc.0 <null>
br.s IL_0022: ldloc.0
ldc.i4 1000
call System.Void System.Threading.Thread::Sleep(System.Int32)
ldloc.0 <null>
ldc.i4.1 <null>
add <null>
stloc.0 <null>
ldloc.0 <null>
ldsfld System.String Client.Settings::Delay
call System.Int32 System.Convert::ToInt32(System.String)
blt.s IL_0014: ldc.i4 1000
call System.Boolean Client.Settings::InitializeSettings()
brtrue.s IL_003C: nop
ldc.i4.0 <null>
call System.Void System.Environment::Exit(System.Int32)
nop <null>
call System.String Client.Program::Save()
ldc.i4.0 <null>
call System.Void Client.telegram::UploadFile(System.String,System.Boolean)
call System.Boolean Client.Helper.MutexControl::CreateMutex()
brtrue.s IL_0055: ldsfld System.String Client.Settings::Anti
ldc.i4.0 <null>
call System.Void System.Environment::Exit(System.Int32)
ldsfld System.String Client.Settings::Anti
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse.s IL_0066: ldsfld System.String Client.Settings::Install
call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis()
ldsfld System.String Client.Settings::Install
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse.s IL_0077: ldsfld System.String Client.Settings::BDOS
call System.Void Client.Install.NormalStartup::Install()
ldsfld System.String Client.Settings::BDOS
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse.s IL_008F: call System.Void Client.Helper.Methods::PreventSleep()
call System.Boolean Client.Helper.Methods::IsAdmin()
brfalse.s IL_008F: call System.Void Client.Helper.Methods::PreventSleep()
call System.Void Client.Helper.ProcessCritical::Set()
call System.Void Client.Helper.Methods::PreventSleep()
leave.s IL_0099: nop
pop <null>
leave.s IL_0099: nop
nop <null>
call System.Boolean Client.Connection.ClientSocket::get_IsConnected()
brtrue.s IL_00AB: leave.s IL_00B0
call System.Void Client.Connection.ClientSocket::Reconnect()
call System.Void Client.Connection.ClientSocket::InitializeClient()
leave.s IL_00B0: ldc.i4 5000
pop <null>
leave.s IL_00B0: ldc.i4 5000
ldc.i4 5000
call System.Void System.Threading.Thread::Sleep(System.Int32)
br.s IL_0099: nop

Artefacts (all located in the malicious sample 425aa54937decaf828a7e67c3cae745a)

Key (AES_256): b1pZaWhNMDFjc3JSdWk2WEhkR2xoVThJMjdnc2hxMGY=
CnC: 127.0.0.1
Ports: 6606, 7707, 8808
Mutex: AsyncMutex_6SI8OkPnk
