Malicious

6507c9a87ddb7658473280a1dd46b50c

PE Executable | MD5: 6507c9a87ddb7658473280a1dd46b50c | Size: 65.02 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score

Low

Hash
MD5: 6507c9a87ddb7658473280a1dd46b50c
SHA1: 2940dd79491a933d6e03c9a31675fcfde61c57c3
SHA256: ad14f3e10ababe1bc66802b2ba0e927639d50b8f4c8795009f0ecb9d7385644c
SHA384: 703edccdc1020772508c6fc40ebf66db38b3ed88891ca8c25a686067d7f54b71cc5c0ba62d765ff5ba9b0887d4788ee9
SHA512: 9bf8af8f3c5b9c3cd6b38fcba0c17726f091666be0a833bfad2acd04bc7de75cb3986e4948953304a8a7e2c7aabd169e4dbd2f813eb59c9e35c53c922af9966a
SSDeep: 768:65G6KlZRniP/tkiY9Jquvwszp0aZeF1+ISCv7mqb2nJpwH1owA090qIZm8GxYVcD:62ZRAiVxpGFeGbbcwDA0WjGxYVclN
TLSH: E5536B002798C926E2AD46F8ACF2550146B5D5372006DB5E7CC814DBAB9FFCA5A133EF

PeID

Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - DcRat config.
Key (AES_256): SVo3WmRYN1lUUjVRQjhtcUI4a2VRMThDbXBlY2VCUk8=
Pastebin: -
Certificate: MIICMDCCAZmgAwIBAgIVAJC1F0+8ACYwU/p7ENoG93XElWGvMA0GCSqGSIb3DQEBDQUAMGQxFTATBgNVBAMMDERjUmF0IFNlcnZlcjETMBEGA1UECwwKcXdxZGFuY2h1bjEcMBoGA1UECgwTRGNSYXQgQnkgcXdxZGFuY2h1bjELMAkGA1UEBwwCU0gxCzAJBgNVBAYTAkNOMB4XDTI1MDMwODE0MTMxOFoXDTM1MTIxNjE0MTMxOFowEDEOMAwGA1UEAwwFRGNSYXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKTZZedl1WYkKVRxax/P2DmkhrL90e+VWPN5oj+iM8Kl36gHEOGjYg3GRFa1eNfcomawa3npTiuGjsl8lRbXGAksmjGAofysP+ZX8QbTqIoGORbA08juie/g7Hvg95dhSr6KUnz2acr9Q3x8GlT+EpdiSuRZpZ1xUATiFzLmHqfLAgMBAAGjMjAwMB0GA1UdDgQWBBTEfxv0XWexLJNZxL/yywesEWdkcDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAG4WzFM9+kCyX2x8P0Msya6aMCcRz5wd1iirPdEVob67Iq+R9lTzWQs1nA48E8O/QvEeE5XDNS7ARSUhvkdxNWi6EHEgFKcIWkfMJJ/Y3ldezB/1vR1GNR1c3GrTAiq11BrqLDeloY0gyLONyUdIqNxQNZfIxY/PgufuywVDQ2XO
ServerSignature: OqgidBQvYMokDurerqgtFTyQIFFzbYFUbg5gQRwoxc2j9zTuknwlqwZ2+WmfSTGI2YYyv0HL/m2b7NORXadCRDbcIL5Uek2mDHV4FdylE24TrnjhLgKHlZmqivV9k59BcS4mMmE2ALxWdio8QsLLPs2uJOUdj9kK
Install: true
BDOS: false
Anti-VM: false
Install File: star.co.com
Install-Folder: %AppData%
Ports: 80,443,2053,2083,8080,8848,8888
Mutex: DcRatMutex_qwqda
Version: 1.0.7
Delay: 1
Group: microsoft_support.exe

Informations
Info: PE Detect: PeReader OK (file layout)
Module Name: microsoft_support.exe
Full Name: microsoft_support.exe
EntryPoint: System.Void Client.Program::Main()
Scope Name: microsoft_support.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: microsoft_support
Assembly Version: 1.0.7.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0
Total Strings: 157
Main Method: System.Void Client.Program::Main()
Main IL Instruction Count: 77
Main IL (one instruction per line; branch operands give the target label):

ldc.i4.0
stloc.0
br IL_0015
ldc.i4 1000
call System.Void System.Threading.Thread::Sleep(System.Int32)
ldloc.0
ldc.i4.1
add
stloc.0
ldloc.0
ldsfld System.String Client.Settings::De_lay
call System.Int32 System.Convert::ToInt32(System.String)
blt.s IL_0007
call System.Boolean Client.Settings::InitializeSettings()
brtrue IL_0032
ldc.i4.0
call System.Void System.Environment::Exit(System.Int32)
nop
ldsfld System.String Client.Settings::An_ti
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse IL_0047
call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis()
leave IL_0052
pop
leave IL_0052
call System.Void Client.Helper.A::B()
call System.Boolean Client.Helper.MutexControl::CreateMutex()
brtrue IL_0067
ldc.i4.0
call System.Void System.Environment::Exit(System.Int32)
leave IL_0072
pop
leave IL_0072
nop
ldsfld System.String Client.Settings::Anti_Process
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse IL_0087
call System.Void Client.Helper.AntiProcess::StartBlock()
leave IL_0092
pop
leave IL_0092
nop
ldsfld System.String Client.Settings::BS_OD
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse IL_00B1
call System.Boolean Client.Helper.Methods::IsAdmin()
brfalse IL_00B1
call System.Void Client.Helper.ProcessCritical::Set()
leave IL_00BC
pop
leave IL_00BC
nop
ldsfld System.String Client.Settings::In_stall
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse IL_00D1
call System.Void Client.Install.NormalStartup::Install()
leave IL_00DC
pop
leave IL_00DC
call System.Void Client.Helper.Methods::PreventSleep()
call System.Boolean Client.Helper.Methods::IsAdmin()
brfalse IL_00F0
call System.Void Client.Helper.Methods::ClearSetting()
leave IL_00FB
pop
leave IL_00FB
nop
call System.Boolean Client.Connection.ClientSocket::get_IsConnected()
brtrue IL_0110
call System.Void Client.Connection.ClientSocket::Reconnect()
call System.Void Client.Connection.ClientSocket::InitializeClient()
leave IL_011B
pop
leave IL_011B
ldc.i4 5000
call System.Void System.Threading.Thread::Sleep(System.Int32)
br.s IL_00FB


Artefacts
Key (AES_256): SVo3WmRYN1lUUjVRQjhtcUI4a2VRMThDbXBlY2VCUk8=
Ports: 80, 443, 2053, 2083, 8080, 8848, 8888
Mutex: DcRatMutex_qwqda
