a079a1c5b89476c8864fb198e3adceac

PE Executable
|
MD5: a079a1c5b89476c8864fb198e3adceac
|
Size: 530.37 KB
|
application/x-dosexec

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	a079a1c5b89476c8864fb198e3adceac
Sha1	c96a4f799bc91a79873f410d3f52b7617c7cb114
Sha256	31ed9da35b7d67a03adede508830880b3af7d04207ca899752848fd2d1ae6718
Sha384	2b404896153317e904cf8cd4c8bb6c612f6f1098a1e78d88cef2fc54a2427da112128ce889288ef170df8bdee5587c2e
Sha512	8cb31dc78c05b017393d3f53922777505d1bf9e5a26f768c4aad59beb0d63f61a410b4a98f617970ff04826bbab40cb7116f104f6a013d9ae96bffa736a3b114
SSDeep	12288:OzwxXnQTwaXirJ7utIeT1JvQ7Jnn9+W5AciIlw0P6s97:RXnwxw7610n9+W5ADINp97
TLSH	64B4BF35F6C48433D17B5A74ADF692854439FF602838588B3AF80C5C8B7B7826A653E7

PeID

.NET executable

Microsoft Visual C# / Basic .NET

Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL

Microsoft Visual C# v7.0 / Basic .NET

Microsoft Visual C++ v6.0 DLL

Microsoft Visual Studio .NET

Pe123 v2006.4.4-4.12

RPolyCryptor V1.4.2 -> Vaska

File Structure

Malware Configuration - DcRat config.

Config. Field0	Value
Key (AES_256)	Tk1CblFiZGlISXdWTFdZTjE0YTZTaTFxY2lsb0JaVlc=
Ports	8080
Hosts	157.97.11.134
Version	1.0.7
Install	true
Install-Folder	%Temp%
Install File	RuntimeBroker.exe
Mutex	runtime
Certificate	MIICMDCCAZmgAwIBAgIVAI7IWFdXoYnjjoSxMJDHb6HBFJn1MA0GCSqGSIb3DQEBDQUAMGQxFTATBgNVBAMMDERjUmF0IFNlcnZlcjETMBEGA1UECwwKcXdxZGFuY2h1bjEcMBoGA1UECgwTRGNSYXQgQnkgcXdxZGFuY2h1bjELMAkGA1UEBwwCU0gxCzAJBgNVBAYTAkNOMB4XDTI0MDQxODEzMjEwOVoXDTM1MDEyNjEzMjEwOVowEDEOMAwGA1UEAwwFRGNSYXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALT9HoU3FTIku/OY1kDBgataFW6WNOLw5Kr4PQBcIAW+eQCRPqXe8pCJ89xeoz7llUynZuWY5kPrgcvkyL1LXpQ0yNAIYRI3h2cfWbPdcPhU2BRbA7W2u6F6j8207y3BD7LQnH/KS9mFBgiQ4SS81+UEo3CUtIAEtjhrdwOhn/dnAgMBAAGjMjAwMB0GA1UdDgQWBBQyzJHqSgEuupWcwHXOseEbn1ePfjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAGJqNSazZndg2f4qFC1ocXyQReXVteC/sgFLksqBN2SHvuGIeyT8ghEq0EjA+tnPL5uIR1GjTPAjC0jVlZ34Vqiv/2eLJfbUBdxpGwSHfCopfWkU2Pi9qNP4ZijU0vffhVLMBAtDA/bH79vy+c8a0z4n/iHQe7FuE1vRttS1/7G3
ServerSignature	OFU+CR24NE7iVF7hXg43RmMcCExE1giKKHJCZGkfqQGaiAyi5KRx1J4qDQJ15q61fe2e20ezIEoiEaxRQyGYlIFqHvkvW4c/jJlj3nXIg8FTl7TKBkWKMznZWhCu+8yrroLvqNr8XJgVIbdNNxQpfVdo1cBoNpjS
Anti-VM	null
PasteBin	true
BDOS	1
Delay	Default
Group	false

Artefacts

Name0	Value
Key (AES_256)	Tk1CblFiZGlISXdWTFdZTjE0YTZTaTFxY2lsb0JaVlc=
Ports	8080
CnC	157.97.11.134
Mutex	runtime

a079a1c5b89476c8864fb198e3adceac (530.37 KB)

File Structure

Characteristics

Malware Configuration - DcRat config.

Config. Field0	Value
Key (AES_256)	Tk1CblFiZGlISXdWTFdZTjE0YTZTaTFxY2lsb0JaVlc=
Ports	8080
Hosts	157.97.11.134
Version	1.0.7
Install	true
Install-Folder	%Temp%
Install File	RuntimeBroker.exe
Mutex	runtime
Certificate	MIICMDCCAZmgAwIBAgIVAI7IWFdXoYnjjoSxMJDHb6HBFJn1MA0GCSqGSIb3DQEBDQUAMGQxFTATBgNVBAMMDERjUmF0IFNlcnZlcjETMBEGA1UECwwKcXdxZGFuY2h1bjEcMBoGA1UECgwTRGNSYXQgQnkgcXdxZGFuY2h1bjELMAkGA1UEBwwCU0gxCzAJBgNVBAYTAkNOMB4XDTI0MDQxODEzMjEwOVoXDTM1MDEyNjEzMjEwOVowEDEOMAwGA1UEAwwFRGNSYXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALT9HoU3FTIku/OY1kDBgataFW6WNOLw5Kr4PQBcIAW+eQCRPqXe8pCJ89xeoz7llUynZuWY5kPrgcvkyL1LXpQ0yNAIYRI3h2cfWbPdcPhU2BRbA7W2u6F6j8207y3BD7LQnH/KS9mFBgiQ4SS81+UEo3CUtIAEtjhrdwOhn/dnAgMBAAGjMjAwMB0GA1UdDgQWBBQyzJHqSgEuupWcwHXOseEbn1ePfjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAGJqNSazZndg2f4qFC1ocXyQReXVteC/sgFLksqBN2SHvuGIeyT8ghEq0EjA+tnPL5uIR1GjTPAjC0jVlZ34Vqiv/2eLJfbUBdxpGwSHfCopfWkU2Pi9qNP4ZijU0vffhVLMBAtDA/bH79vy+c8a0z4n/iHQe7FuE1vRttS1/7G3
ServerSignature	OFU+CR24NE7iVF7hXg43RmMcCExE1giKKHJCZGkfqQGaiAyi5KRx1J4qDQJ15q61fe2e20ezIEoiEaxRQyGYlIFqHvkvW4c/jJlj3nXIg8FTl7TKBkWKMznZWhCu+8yrroLvqNr8XJgVIbdNNxQpfVdo1cBoNpjS
Anti-VM	null
PasteBin	true
BDOS	1
Delay	Default
Group	false

Artefacts

Name0	Value	Location
Key (AES_256)	Tk1CblFiZGlISXdWTFdZTjE0YTZTaTFxY2lsb0JaVlc= Malicious	a079a1c5b89476c8864fb198e3adceac
Ports	8080 Malicious	a079a1c5b89476c8864fb198e3adceac
CnC	157.97.11.134 Malicious	a079a1c5b89476c8864fb198e3adceac
Mutex	runtime Malicious	a079a1c5b89476c8864fb198e3adceac

You must be signed in to post a comment.