Malicious

a079a1c5b89476c8864fb198e3adceac

PE Executable | MD5: a079a1c5b89476c8864fb198e3adceac | Size: 530.37 KB | application/x-dosexec


Characteristics
MD5: a079a1c5b89476c8864fb198e3adceac
SHA1: c96a4f799bc91a79873f410d3f52b7617c7cb114
SHA256: 31ed9da35b7d67a03adede508830880b3af7d04207ca899752848fd2d1ae6718
SHA384: 2b404896153317e904cf8cd4c8bb6c612f6f1098a1e78d88cef2fc54a2427da112128ce889288ef170df8bdee5587c2e
SHA512: 8cb31dc78c05b017393d3f53922777505d1bf9e5a26f768c4aad59beb0d63f61a410b4a98f617970ff04826bbab40cb7116f104f6a013d9ae96bffa736a3b114
SSDeep: 12288:OzwxXnQTwaXirJ7utIeT1JvQ7Jnn9+W5AciIlw0P6s97:RXnwxw7610n9+W5ADINp97
TLSH: 64B4BF35F6C48433D17B5A74ADF692854439FF602838588B3AF80C5C8B7B7826A653E7

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual C++ v6.0 DLL
Microsoft Visual Studio .NET
Pe123 v2006.4.4-4.12
RPolyCryptor V1.4.2 -> Vaska
File Structure
a079a1c5b89476c8864fb198e3adceac
Malicious
Malware Configuration - DcRat config.
Key (AES_256): Tk1CblFiZGlISXdWTFdZTjE0YTZTaTFxY2lsb0JaVlc=
Ports: 8080
Hosts: 157.97.11.134
Version: 1.0.7
Install: true
Install-Folder: %Temp%
Install File: RuntimeBroker.exe
Mutex: runtime

Certificate: (value omitted)
ServerSignature: (value omitted)

Anti-VM: null
PasteBin: true
BDOS: 1
Delay: Default
Group: false

Artefacts
Key (AES_256): Tk1CblFiZGlISXdWTFdZTjE0YTZTaTFxY2lsb0JaVlc=
Ports: 8080
CnC: 157.97.11.134
Mutex: runtime
