Verdict: Malicious

Sample: a04490d1fb800e033c96b3d296a2c2dc

PE Executable | MD5: a04490d1fb800e033c96b3d296a2c2dc | Size: 47.62 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Low

Hashes

MD5: a04490d1fb800e033c96b3d296a2c2dc
SHA-1: f383130626ff025463e83bd904049bd99e5cf908
SHA-256: 75703089275d5587b45df00960ac934c62b5072dd74b55e2474a1a790f5a4332
SHA-384: 7e8cdc2d5947826068e7dd323c5d081c8829e5c4fd3a9ea64aa813d9bbcdfdf369735fef3d6eb564156bae0f5f6f9935
SHA-512: 3b8bdc5637434d163f2abaf88b6688212c57dc94a48f58e3adb466fc1013748ae8464e78e9679d6ec3e7eca47375d5a7f8cb7d057b28e63086b9acc25a29fc86
SSDeep: 768:tjq/z5bX/wPLsekOicvHk3eHlWMPbPgF0qdp4XjmTn4YI6OCbKtYcFmVc6K:tj7seXvZH0ub4Frz4F6OSmmVcl
TLSH: 0C233C003BE98136E1BE5FB89DF1114187BAE5633603D65E7CC841D61B13BCACA52AF6

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure

DosHeader
PE Header
Optional Header (x86)
Section Headers
  .text
  .rsrc
  .reloc
Resources
  RT_VERSION
    ID:0001
      ID:0
  RT_MANIFEST
    ID:0001
      ID:0
Malware Configuration - AsyncRAT config.

Key (AES_256): aFl0bVBBQm10eXFGZkE5TFYwZm41dGhqcHBhbUhkNWc=
Pastebin: -
Certificate: (value not captured)
ServerSignature: QpdVABtQJP6N4Ekir/sUnfajiBbZaWUByKP4Z08qD1+4nCVTT/Tw1hXUgqYEsEf5ZR607/D7/XR8aDBVX16zL/RzVctcWItQmwkZQMuMtzWHPQ/VEc7epY4H7+4SOKXFn/FOPAJ4mCyt1Jf96uYvLU+2+/yfyZNYPdjkl9LQ2M7VZcT+1zM/M2gKhVxsFBfvMvEgnBSCSa8wxF92ZBqHPGW0T5KhgWgTxo9XBr9C9hf3ScjaVe8YkwIlwF6BLVtMUaN9H+oqlpOoKHMm6jUIIP+XvSE6+Jv4jLW3242QxEnZ7ehSN7mBexIJoPuCFDfVQeGaLVIFz+reUDfkZLI6xCQil+zOixkstNUNXqEW4ScmV71SlwY/Nz8GP27WRjtZwIAOQql3eLakT5ZMbz5/oClrg2xN0w45LfzCxAxCv499TlagRIq4QhQlaS82VBpt+OFAkFL+FdOOzqMbBx4fsajfPxsNlCHSdt/QhEs1OY47zwoS2BKuYrVwAwndJ+QZE9O8tj/pLhtOZC3zpan7nmDYQy69+OLN8cWEdXPi+DApbPw/pcjgrE72O5B+ShhTMGj1vgN3jjdYIcUdU1jM+OPYLCOHioWOGSbRL3eMqIO64a+XeaXK82VcL27w33xqBi3gBP5/l55kh2I6h8YEtbqymtk1Sx6VrTlCgwyVCJM=
Install: true
BDOS: true
Anti-VM: true
Install File: system.exe
Install-Folder: %AppData%
Version: 0.5.6A
Hosts: mestizo.co.com
Ports: 80,443,6606,7707,8080,8808
Mutex: mestizo.co.com
Delay: 5

Information

Info: PE Detect: PeReader OK (file layout)
Module Name: Stub.exe
Full Name: Stub.exe
EntryPoint: System.Void Client.Program::Main()
Scope Name: Stub.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Stub
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0,Profile=Client
Total Strings: 130
Main Method: System.Void Client.Program::Main()
Main IL Instruction Count: 53

Main IL (one instruction per line; for branch instructions the instruction at the target offset is shown after the label):

  ldc.i4.0
  stloc.0
  br.s IL_0012: ldloc.0
  ldc.i4 1000
  call System.Void System.Threading.Thread::Sleep(System.Int32)
  ldloc.0
  ldc.i4.1
  add
  stloc.0
  ldloc.0
  ldsfld System.String Client.Settings::Delay
  call System.Int32 System.Convert::ToInt32(System.String)
  blt.s IL_0004: ldc.i4 1000
  call System.Boolean Client.Settings::InitializeSettings()
  brtrue.s IL_002C: nop
  ldc.i4.0
  call System.Void System.Environment::Exit(System.Int32)
  nop
  call System.Boolean Client.Helper.MutexControl::CreateMutex()
  brtrue.s IL_003A: ldsfld System.String Client.Settings::Anti
  ldc.i4.0
  call System.Void System.Environment::Exit(System.Int32)
  ldsfld System.String Client.Settings::Anti
  call System.Boolean System.Convert::ToBoolean(System.String)
  brfalse.s IL_004B: ldsfld System.String Client.Settings::Install
  call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis()
  ldsfld System.String Client.Settings::Install
  call System.Boolean System.Convert::ToBoolean(System.String)
  brfalse.s IL_005C: ldsfld System.String Client.Settings::BDOS
  call System.Void Client.Install.NormalStartup::Install()
  ldsfld System.String Client.Settings::BDOS
  call System.Boolean System.Convert::ToBoolean(System.String)
  brfalse.s IL_0074: call System.Void Client.Helper.Methods::PreventSleep()
  call System.Boolean Client.Helper.Methods::IsAdmin()
  brfalse.s IL_0074: call System.Void Client.Helper.Methods::PreventSleep()
  call System.Void Client.Helper.ProcessCritical::Set()
  call System.Void Client.Helper.Methods::PreventSleep()
  newobj System.Void Client.Helper.CheckMiner::.ctor()
  call System.String Client.Helper.CheckMiner::GetProcess()
  pop
  leave.s IL_0089: call System.Boolean Client.Connection.ClientSocket::get_IsConnected()
  pop
  leave.s IL_0089: call System.Boolean Client.Connection.ClientSocket::get_IsConnected()
  call System.Boolean Client.Connection.ClientSocket::get_IsConnected()
  brtrue.s IL_009A: newobj System.Void System.Random::.ctor()
  call System.Void Client.Connection.ClientSocket::Reconnect()
  call System.Void Client.Connection.ClientSocket::InitializeClient()
  newobj System.Void System.Random::.ctor()
  ldc.i4 1000
  ldc.i4 5000
  callvirt System.Int32 System.Random::Next(System.Int32,System.Int32)
  call System.Void System.Threading.Thread::Sleep(System.Int32)
  br.s IL_0089: call System.Boolean Client.Connection.ClientSocket::get_IsConnected()

Artefacts

Key (AES_256): aFl0bVBBQm10eXFGZkE5TFYwZm41dGhqcHBhbUhkNWc=
CnC: mestizo.co.com
Ports: 80, 443, 6606, 7707, 8080, 8808
Mutex: mestizo.co.com
