Malicious
8a95f70e998254f132b5270c74183bf6
PE Executable
MD5: 8a95f70e998254f132b5270c74183bf6
Size: 28.16 KB
application/x-dosexec
Ctrl + scroll to zoom · drag to pan
Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.
AI analysis is available with Essential.
Unlock with Essential
Symbol Obfuscation Score
Low
| MD5 | 8a95f70e998254f132b5270c74183bf6 |
| Sha1 | 7f645193d7060e8636e9ef740aceaf914d9717ec |
| Sha256 | a6ec0a5f8122e29d1e951b907f673da4b481ab5f4a368c5c171433640d53a3a0 |
| Sha384 | e6bcc44ff0bcf93edda7f4a118ed8bf151152a3171d6bf32f7690ea59004967b185d22708da9a9196c2a17d725b70ada |
| Sha512 | 4da5b9df1dcb35bd11bea21f1503064b5c041411b47a362c6f14e6fd1049d44593dcbc7abb741fc527d51813bced1c4d7291bbf29fbbc5ef15f33aa08265ba7e |
| SSDeep | 384:yN3SaTSXW9bVWw7HtZARPn9jnH9qbuUsMbQxnCJfJBndnjJ6JKci+:yN3SaT5Lt+zIbIBiBnLci+ |
| TLSH | 67C22B0837E4C571E2FD4ABA8833D6008B75E55B9913D76A6FC890AD2E237CD8A14FD4 |
STICH
beta
Structural Threat Infection Chain Hash
A content-independent fingerprint of the infection method: successive formats, internal objects and MITRE techniques from the initial file to each final payload.
STICH Path = the fingerprint (canonical chain with techniques)
STICH Shape = structure only
Only determinant branches produce STICH Paths.
Path
pe:exe>pe:rsrc>bin
Shape
pe:exe>pe:rsrc>bin
malicious
3 nodes
| Config. Field | Value |
|---|---|
| Key (AES_256) | Byhuhuhuhu |
| Pastebin | -huhuhuhu |
| Install | fhuhuhuhu |
| Install File | Tehuhuhuhu |
| Install-Folder | %huhuhuhu |
| Version | 0.huhuhuhu |
| Hosts | f8behuhuhuhu |
| Ports | 4huhuhuhu |
| Mutex | Aphuhuhuhu |
| Delay | 0huhuhuhu |
| Group | NYhuhuhuhu |
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | PDB Path: C:\new\Client\obj\Debug\F8BETAPP.pdb |
| Module Name | F8BETAPP.exe |
| Full Name | F8BETAPP.exe |
| EntryPoint | System.Void Client.Program::Main() |
| Scope Name | F8BETAPP.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | F8BETAPP |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.8 |
| Total Strings | 122 |
| Main Method | System.Void Client.Program::Main() |
| Main IL Instruction Count | 101 |
| Main IL | |
Key (AES_256)
MUTEXmalicious
Byhuhuhuhu
CnC
CNCmalicious
f8behuhuhuhu
Ports
PORTmalicious
4huhuhuhu
Mutex
MUTEXmalicious
Aphuhuhuhu
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
| Config. Field | Value |
|---|---|
| Key (AES_256) | Byhuhuhuhu |
| Pastebin | -huhuhuhu |
| Install | fhuhuhuhu |
| Install File | Tehuhuhuhu |
| Install-Folder | %huhuhuhu |
| Version | 0.huhuhuhu |
| Hosts | f8behuhuhuhu |
| Ports | 4huhuhuhu |
| Mutex | Aphuhuhuhu |
| Delay | 0huhuhuhu |
| Group | NYhuhuhuhu |
We extracted this malware's full configuration (C2, credentials, campaign IDs…).
Unlock with Essential
Key (AES_256)
MUTEXmalicious
Byhuhuhuhu
8a95f70e998254f132b5270c74183bf6
CnC
CNCmalicious
f8behuhuhuhu
8a95f70e998254f132b5270c74183bf6
Ports
PORTmalicious
4huhuhuhu
8a95f70e998254f132b5270c74183bf6
Mutex
MUTEXmalicious
Aphuhuhuhu
8a95f70e998254f132b5270c74183bf6
Full artefact values (URLs, paths, registry keys, scripts…) are available with Essential.
Unlock with Essential
You must be signed in to view YARA rules.