Malicious

88123607e768c3b83f83113babc0dbef

PE Executable | MD5: 88123607e768c3b83f83113babc0dbef | Size: 48.64 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Very high

Hashes

MD5: 88123607e768c3b83f83113babc0dbef
SHA1: 1f0c69a26b1671def02e494b77d2393c4f3c812a
SHA256: 7c8c576731dd13174bd9289726bc59c98fa0db27515da65d5f3434c5c2921d02
SHA384: 8bf655b182be126e7eda7082ef9977fd89252738e0d050a26e71ebb96b11e845e0d9816f110d747422ca10193734636b
SHA512: 43bace642c48a58798450bbe6981a57a367ac5e5663efc823e61d064998f8c615813bc973e16083755e459915ec5c024ee9d6dab5dc472fe76ab471121193be2
SSDeep: 768:wu/dRTUo0HQbWUnmjSmo2qM9vZQGVhPPIgoRsrNg0bzFc7vGog8hIcFJNJH+HAGb:wu/dRTUPE2bQFgoYbzFcTGohhz7NJHQ5
TLSH: 3C232B003BED822BF27E4F7459F32156857AF2632A03D65E1CC441975B23FC69A426EE

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure

  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
  Resources
    RT_VERSION
      ID:0001
        ID:0
    RT_MANIFEST
      ID:0001
        ID:0
Malware Configuration - AsyncRAT config.

Key (AES_256): NDJXeVdiZkM4OGE0WjFwTHJBMGRORzFmTGlESzhaWTc=
Pastebin: -
Certificate: (value not shown)
ServerSignature: (value not shown)
Install: false
BDOS: false
Anti-VM: false
Install-Folder: %AppData%
Hosts: 178.16.53.7
Ports: 6606,7707,8808
Mutex: H5UPH7eQOq80
Version: 0.5.8
Delay: 3
Group: Default

Information

Info: PE Detect: PeReader OK (file layout)
Module Name: SAWrrrFlgnWZ
Full Name: SAWrrrFlgnWZ
EntryPoint: System.Void uxNPlDMZMCpJY.UGsErLlNEpgiXbF::Main()
Scope Name: SAWrrrFlgnWZ
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: aa
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0,Profile=Client
Total Strings: 120
Main Method: System.Void uxNPlDMZMCpJY.UGsErLlNEpgiXbF::Main()
Main IL Instruction Count: 51

Main IL

ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String uxNPlDMZMCpJY.WgkyUrISzpyW::tiakQhBaupVFK call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000 call System.Boolean uxNPlDMZMCpJY.WgkyUrISzpyW::udcqOrADgtcY() brtrue IL_0032: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean dyddOZngYJrbT.JNxAdQuDVYBNV::vZuNKiPtsjvX() brtrue IL_0043: ldsfld System.String uxNPlDMZMCpJY.WgkyUrISzpyW::fwbRHfVLikNi ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String uxNPlDMZMCpJY.WgkyUrISzpyW::fwbRHfVLikNi call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0057: ldsfld System.String uxNPlDMZMCpJY.WgkyUrISzpyW::umbsHhVwLvoiN call System.Void dyddOZngYJrbT.NqaGjcFOUgS::TLrWEQWiFFZqfw() ldsfld System.String uxNPlDMZMCpJY.WgkyUrISzpyW::umbsHhVwLvoiN call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_006B: ldsfld System.String uxNPlDMZMCpJY.WgkyUrISzpyW::xpNfbItldJvw call System.Void GrKYMLsYPjMq.fDUcaxgpgDLKj::AXXiBsZDfncIu() ldsfld System.String uxNPlDMZMCpJY.WgkyUrISzpyW::xpNfbItldJvw call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0089: call System.Void dyddOZngYJrbT.zOykvhdQLsyOb::DXwsoVIsOV() call System.Boolean dyddOZngYJrbT.zOykvhdQLsyOb::AJsCsbfoXCVU() brfalse IL_0089: call System.Void dyddOZngYJrbT.zOykvhdQLsyOb::DXwsoVIsOV() call System.Void dyddOZngYJrbT.NVbSehWerpcvrV::SnIovyfFfPeC() call System.Void dyddOZngYJrbT.zOykvhdQLsyOb::DXwsoVIsOV() leave IL_0099: nop pop <null> leave IL_0099: nop nop <null> call System.Boolean EWNFDwdJcnURZz.BnibOgtxRlo::get_IsConnected() brtrue IL_00AE: leave IL_00B9 call System.Void EWNFDwdJcnURZz.BnibOgtxRlo::cZLyWkQhJizcMM() call System.Void EWNFDwdJcnURZz.BnibOgtxRlo::UzSPGHAlcnE() leave 
IL_00B9: ldc.i4 5000 pop <null> leave IL_00B9: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0099: nop


Artefacts

Key (AES_256): NDJXeVdiZkM4OGE0WjFwTHJBMGRORzFmTGlESzhaWTc=
CnC: 178.16.53.7
Ports: 6606, 7707, 8808
Mutex: H5UPH7eQOq80
