Malicious
72b66bac20017e024ccdef1c786c04ba
PE Executable
MD5: 72b66bac20017e024ccdef1c786c04ba
Size: 28.16 KB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan
Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.
AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score
Low
| MD5 | 72b66bac20017e024ccdef1c786c04ba |
| Sha1 | a3498ddeca65ce8bd339c08b19cfe0f0200e68f7 |
| Sha256 | 2d5b38af2b9b6b5b2a6fb2416322d4143cfabe6c958eac7ca34ba41be0f4831e |
| Sha384 | 593a5b4e9647b277e5a5b63d10ff289efa6fe9e6ee33f863650ba9101843de39284517807271c284cc53c19249093685 |
| Sha512 | b51395491aa860fa01bf577a24b958fdaa540e892a85c18fe322003bba2d2bbf68ff713e748b049c015d91d1e1b68384f20e1760211ca342723074e126120cc4 |
| SSDeep | 384:jgSVEEMiNPWmeOsVa/KFHbh0yH9qbuUscCbQxnCJfJBndnjJvKsbT+:jgSVXFg1VDHF0wIb1BBiBnesbT+ |
| TLSH | FFC23D0873E8C572D2FE0ABE883395009775D55B9913D75A6FC890AE2E23BCD8A14BD4 |
STICH
beta
Structural Threat Infection Chain Hash
A content-independent fingerprint of the infection method: successive formats, internal objects and MITRE techniques from the initial file to each final payload.
Structural branches: 1
STICH kept: 1
STICH Path = the fingerprint (canonical chain with techniques)
STICH Shape = structure only
Only determinant branches produce STICH Paths.
1 / 1
Path
pe:exe>pe:rsrc>bin
Shape
pe:exe>pe:rsrc>bin
malicious
3 nodes
| Config. Field | Value |
|---|---|
| Key (AES_256) | Byhuhuhuhu |
| Pastebin | -huhuhuhu |
| Install | fhuhuhuhu |
| Install File | Tehuhuhuhu |
| Install-Folder | %huhuhuhu |
| Version | 0.huhuhuhu |
| Hosts | 78whuhuhuhu |
| Ports | 4huhuhuhu |
| Mutex | Aphuhuhuhu |
| Delay | 0huhuhuhu |
| Group | NYhuhuhuhu |
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | PDB Path: C:\new\Client\obj\Debug\AU88APP.pdb |
| Module Name | AU88APP.exe |
| Full Name | AU88APP.exe |
| EntryPoint | System.Void Client.Program::Main() |
| Scope Name | AU88APP.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | AU88APP |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.8 |
| Total Strings | 122 |
| Main Method | System.Void Client.Program::Main() |
| Main IL Instruction Count | 101 |
| Main IL | |
Key (AES_256)
MUTEXmalicious
Byhuhuhuhu
CnC
CNCmalicious
78whuhuhuhu
Ports
PORTmalicious
4huhuhuhu
Mutex
MUTEXmalicious
Aphuhuhuhu
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
| Config. Field | Value |
|---|---|
| Key (AES_256) | Byhuhuhuhu |
| Pastebin | -huhuhuhu |
| Install | fhuhuhuhu |
| Install File | Tehuhuhuhu |
| Install-Folder | %huhuhuhu |
| Version | 0.huhuhuhu |
| Hosts | 78whuhuhuhu |
| Ports | 4huhuhuhu |
| Mutex | Aphuhuhuhu |
| Delay | 0huhuhuhu |
| Group | NYhuhuhuhu |
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
Key (AES_256)
MUTEXmalicious
Byhuhuhuhu
72b66bac20017e024ccdef1c786c04ba
CnC
CNCmalicious
78whuhuhuhu
72b66bac20017e024ccdef1c786c04ba
Ports
PORTmalicious
4huhuhuhu
72b66bac20017e024ccdef1c786c04ba
Mutex
MUTEXmalicious
Aphuhuhuhu
72b66bac20017e024ccdef1c786c04ba
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
You must be signed in to view YARA rules.