Malicious

54e2fcca80961757e59bd757d5de54a3

PE Executable | MD5: 54e2fcca80961757e59bd757d5de54a3 | Size: 48.13 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Low

Hashes
MD5:    54e2fcca80961757e59bd757d5de54a3
Sha1:   de3e0ae92b71234243d43951b20a2043ad7bb038
Sha256: a63a7a2b0ce0293c96c0c41bc5cdd31dd11fe9cd377915836c773c71eaf72007
Sha384: 098cb4f62f83ac05cb876a801530e0b92377959a5afee81ef3d0bb41ca4be1a43e201ca194be8425be177eea88accdfa
Sha512: fc3483cc47534d130ee06fa9fe57a9c22fd7982cb396686dd3942e59fba96a3e8065feef3c9217e462667ede3937fbb5ba50ab4191101d939f40f77ace83363b
SSDeep: 768:1seY5qqfyAacveEK2fC+enm51a5vXglLAeb1igUptwcjWrAK8RccqrWBNOK:Sq6acM2f2na1NVxb7U3ZjWrvYcd2OK
TLSH:   B3232B043BE95226E2FE9F7959F11645CA7AF6132502D74E1CC002CE4A23BC6DE527F6
File Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
  Resources
    RT_VERSION
      ID:0001
        ID:0
    RT_MANIFEST
      ID:0001
        ID:0
Malware Configuration - AsyncRAT config.
Key (AES_256): b2gwVnJVUFNLNlRFY3VIeEd1N1owNFhyY2JBOE13Ymk=
Pastebin: -
Certificate:
ServerSignature: JDKMPV/e33fGaB6yHVtRiszVzdGeD7xhTdDjLfZ+CSepZnIiylmxSRWBNvf01kw7S12aJ2dl6Y+jwtF9u3SxvVtVbS6XGbWyzVrxNzAcpzegEN4PbWerFT+RS5EVZ8M18Dwgt5EQyrv+YjUDERaeo053IniGrhz9jmmsucoW+N2s1c87QZ2lZbfAdwtHLrvo5TvK9rM58sbIhvkT/zK9Nvtpox2aQBmeCMPv19PkODicM8Zwy+9Br0fYl7OE05E35GiB7Z8dOPBDaeIctAYipGVXSDyRDnSOCW5B/Ik2nq28U2bYfZO4ROQvE0537JuWEmY7OSy8/VSTILK9lJZIpSSQQZTwTzMHmGvvdpNEb55/oTJi5mtKQo54dHrblXIrckKXQkVUtIDqvYNWN1RKBNOHb6qxj+doIFjJtyDQTrDJq6nMD2y8dpiKstIqVIndfnL/FO5hT8yAChTW4Epa0l5LPH//+YT2OIn528fsCY4nz7KQg618sDGSMANant09jf56E+cJPSGZYeeQteAmzmOiITLGm2NwoWf3KA0hvzW5zSNrG+Ort37Rstxft5oc9O/AE7ESGgTW1yDp0eFpnR3CplGS8rB1jw63Bk9sbX54nte/A3sZoYWCzDF/1tnOuNiIsLPqfMAk9FoVbD1UXsb4Z7Xjji8NG7Bdmirw7f4=
Install: true
BDOS: false
Anti-VM: true
Install File: gv2.exe
Install-Folder: %AppData%
Hosts: livecdnem.com,www.livecdnem.com,xoilac.livecdnem.com,www.xoilac.livecdnem.com,xlz.livecdnem.com,www.xlz.livecdnem.com,91p.livecdnem.com,www.91p.livecdnem.com,ck.livecdnem.com,www.ck.livecdnem.com,xl365.livecdnem.com,www.xl365.livecdnem.com,soco.livecdnem.com,www.soco.livecdnem.com,xlvi.livecdnem.com,www.xlvi.livecdnem.com
Ports: 25,80,443,8443
Mutex: lM9F7Ezcu9e3
Version: 0.5.8
Delay: 9

Informations
Info: PE Detect: PeReader OK (file layout)
Info: PDB Path: C:\Users\vboxuser\Desktop\SourceDecode\gatex\obj\Release\net481\gv2.pdb
Module Name: gv2.exe
Full Name: gv2.exe
EntryPoint: System.Void Client.Program::Main()
Scope Name: gv2.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: gv2
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.8.1
Total Strings: 128
Main Method: System.Void Client.Program::Main()
Main IL Instruction Count: 69
Main IL (one instruction per line; branch operands show the target offset and the instruction at that offset)
  ldc.i4.0
  stloc.0
  br.s IL_0012: ldloc.0
  ldc.i4 1000
  call System.Void System.Threading.Thread::Sleep(System.Int32)
  ldloc.0
  ldc.i4.1
  add
  stloc.0
  ldloc.0
  ldsfld System.String Client.Settings::Delay
  call System.Int32 System.Convert::ToInt32(System.String)
  blt.s IL_0004: ldc.i4 1000
  call System.Boolean Client.Settings::InitializeSettings()
  brtrue.s IL_002C: nop
  ldc.i4.0
  call System.Void System.Environment::Exit(System.Int32)
  nop
  call System.Boolean Client.Helper.MutexControl::CreateMutex()
  brtrue.s IL_003E: ldsfld System.String Client.Settings::Anti
  ldstr Mutex already exists or cannot be created.
  call System.Void System.Console::WriteLine(System.String)
  ldsfld System.String Client.Settings::Anti
  call System.Boolean System.Convert::ToBoolean(System.String)
  brfalse.s IL_004F: ldsfld System.String Client.Settings::Install
  call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis()
  ldsfld System.String Client.Settings::Install
  call System.Boolean System.Convert::ToBoolean(System.String)
  brfalse.s IL_009D: ldsfld System.String Client.Settings::BDOS
  call System.Void Client.Install.NormalStartup::Install()
  leave.s IL_009D: ldsfld System.String Client.Settings::BDOS
  stloc.1
  ldstr Win32Exception caught: {0} - {1}
  ldloc.1
  callvirt System.Int32 System.ComponentModel.Win32Exception::get_NativeErrorCode()
  box System.Int32
  ldloc.1
  callvirt System.String System.Exception::get_Message()
  call System.String System.String::Format(System.String,System.Object,System.Object)
  call System.Void System.Console::WriteLine(System.String)
  leave.s IL_009D: ldsfld System.String Client.Settings::BDOS
  stloc.2
  ldstr Other exception:
  ldloc.2
  callvirt System.String System.Exception::get_Message()
  call System.String System.String::Concat(System.String,System.String)
  call System.Void System.Console::WriteLine(System.String)
  leave.s IL_009D: ldsfld System.String Client.Settings::BDOS
  ldsfld System.String Client.Settings::BDOS
  call System.Boolean System.Convert::ToBoolean(System.String)
  brfalse.s IL_00B5: call System.Void Client.Helper.Methods::PreventSleep()
  call System.Boolean Client.Helper.Methods::IsAdmin()
  brfalse.s IL_00B5: call System.Void Client.Helper.Methods::PreventSleep()
  call System.Void Client.Helper.ProcessCritical::Set()
  call System.Void Client.Helper.Methods::PreventSleep()
  leave.s IL_00BF: nop
  pop
  leave.s IL_00BF: nop
  nop
  call System.Boolean Client.Connection.ClientSocket::get_IsConnected()
  brtrue.s IL_00D1: leave.s IL_00D6
  call System.Void Client.Connection.ClientSocket::Reconnect()
  call System.Void Client.Connection.ClientSocket::InitializeClient()
  leave.s IL_00D6: ldc.i4 5000
  pop
  leave.s IL_00D6: ldc.i4 5000
  ldc.i4 5000
  call System.Void System.Threading.Thread::Sleep(System.Int32)
  br.s IL_00BF: nop

Artefacts
Key (AES_256): b2gwVnJVUFNLNlRFY3VIeEd1N1owNFhyY2JBOE13Ymk=
CnC: livecdnem.com
CnC: www.livecdnem.com
CnC: xoilac.livecdnem.com
CnC: www.xoilac.livecdnem.com
CnC: xlz.livecdnem.com
CnC: www.xlz.livecdnem.com
CnC: 91p.livecdnem.com
CnC: www.91p.livecdnem.com
CnC: ck.livecdnem.com
CnC: www.ck.livecdnem.com
CnC: xl365.livecdnem.com
CnC: www.xl365.livecdnem.com
CnC: soco.livecdnem.com
CnC: www.soco.livecdnem.com
CnC: xlvi.livecdnem.com
CnC: www.xlvi.livecdnem.com
Ports: 25
Ports: 80
Ports: 443
Ports: 8443
Mutex: lM9F7Ezcu9e3
