Malicious

a6500aa1e64d2595a92fa9011ecda33d

PE Executable
MD5: a6500aa1e64d2595a92fa9011ecda33d
Size: 47.62 KB
application/x-dosexec
Characteristics
Symbol Obfuscation Score: Low

Hash
MD5: a6500aa1e64d2595a92fa9011ecda33d
SHA1: 19f50fc7f24855441a098d99deca356ae1ada34a
SHA256: 5a18dde1c24ec62f512ddce23ff3dac4f3bd08d0a0089c046541132a4f948037
SHA384: 2c3636359f7207362ef49dd25241f0e5293b9ddd1dae1af6ac4fd85590806023fb1546d4571d192459080abaaa6f8bbd
SHA512: cbc99e07f571b0aeef49982dff253154272881e6920dc84d228a5444330897dc99e2966f37b0e9fc4a292574c1d98ef41127bae83bf1fd2fbc09a405ac7aa5e0
SSDeep: 768:1qHHWcbXIgc3WkOicvHk3eHlWMPbPgF0qeMcGmsBTAYI6OC/LbtYcFmVc6K:1h3WXvZH0ub4FrS2Q6OwL7mVcl
TLSH: D8233B003BEA8126E1BE5FB89DF5114187BAE6633603D65E3CC841D61B137C7CA52AF6

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - AsyncRAT config.
Config. Field: Value
Key (AES_256): ZmNWVnFKS1U4SWFhMHd0RlY4ekRWdUxJQmFLeWJJbnQ=
Pastebin: -
Certificate: (value removed from this page)
ServerSignature: (value removed from this page)
Install: false
BDOS: false
Anti-VM: false
Install File: system.exe
Install-Folder: %AppData%
Version: 0.5.6A
Hosts: hypebeast.co.com
Ports: 80,443,6606,7707,8080,8808
Mutex: mestizo.co.com
Delay: 5 (seconds; Main sleeps 1000 ms per unit before doing anything else)

Information
Name: Value
Info: PE Detect: PeReader OK (file layout)
Module Name: Stub.exe
Full Name: Stub.exe
EntryPoint: System.Void Client.Program::Main()
Scope Name: Stub.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Stub
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0,Profile=Client
Total Strings: 130
Main Method: System.Void Client.Program::Main()
Main IL Instruction Count: 53
Main IL (one instruction per line; a branch operand shows the label and, in parentheses, the instruction at that target):

ldc.i4.0
stloc.0
br.s IL_0012 (-> ldloc.0)
ldc.i4 1000
call System.Void System.Threading.Thread::Sleep(System.Int32)
ldloc.0
ldc.i4.1
add
stloc.0
ldloc.0
ldsfld System.String Client.Settings::Delay
call System.Int32 System.Convert::ToInt32(System.String)
blt.s IL_0004 (-> ldc.i4 1000)
call System.Boolean Client.Settings::InitializeSettings()
brtrue.s IL_002C (-> nop)
ldc.i4.0
call System.Void System.Environment::Exit(System.Int32)
nop
call System.Boolean Client.Helper.MutexControl::CreateMutex()
brtrue.s IL_003A (-> ldsfld System.String Client.Settings::Anti)
ldc.i4.0
call System.Void System.Environment::Exit(System.Int32)
ldsfld System.String Client.Settings::Anti
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse.s IL_004B (-> ldsfld System.String Client.Settings::Install)
call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis()
ldsfld System.String Client.Settings::Install
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse.s IL_005C (-> ldsfld System.String Client.Settings::BDOS)
call System.Void Client.Install.NormalStartup::Install()
ldsfld System.String Client.Settings::BDOS
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse.s IL_0074 (-> call System.Void Client.Helper.Methods::PreventSleep())
call System.Boolean Client.Helper.Methods::IsAdmin()
brfalse.s IL_0074 (-> call System.Void Client.Helper.Methods::PreventSleep())
call System.Void Client.Helper.ProcessCritical::Set()
call System.Void Client.Helper.Methods::PreventSleep()
newobj System.Void Client.Helper.CheckMiner::.ctor()
call System.String Client.Helper.CheckMiner::GetProcess()
pop
leave.s IL_0089 (-> call System.Boolean Client.Connection.ClientSocket::get_IsConnected())
pop
leave.s IL_0089 (-> call System.Boolean Client.Connection.ClientSocket::get_IsConnected())
call System.Boolean Client.Connection.ClientSocket::get_IsConnected()
brtrue.s IL_009A (-> newobj System.Void System.Random::.ctor())
call System.Void Client.Connection.ClientSocket::Reconnect()
call System.Void Client.Connection.ClientSocket::InitializeClient()
newobj System.Void System.Random::.ctor()
ldc.i4 1000
ldc.i4 5000
callvirt System.Int32 System.Random::Next(System.Int32,System.Int32)
call System.Void System.Threading.Thread::Sleep(System.Int32)
br.s IL_0089 (-> call System.Boolean Client.Connection.ClientSocket::get_IsConnected())

Read in order, Main does the following: sleep Delay times 1000 ms; call Settings.InitializeSettings() and exit if it fails; create the mutex and exit if it cannot (an instance is already running); run Anti_Analysis.RunAntiAnalysis() only if Settings.Anti is true; run NormalStartup.Install() only if Settings.Install is true; if Settings.BDOS is true and the process is elevated, mark the process critical via ProcessCritical.Set(); call PreventSleep(); run CheckMiner.GetProcess() inside a try/catch (the paired pop/leave.s); then loop forever, calling Reconnect() and InitializeClient() whenever ClientSocket.IsConnected is false and sleeping a random 1000 to 5000 ms between iterations. With Install, BDOS and Anti-VM all false in this sample's configuration, only the delay, settings, mutex, CheckMiner and connection-loop paths are taken.
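
The listing above is the analysis tool's space-separated rendering of Main. As an added example (not code from this page, the tool, or the AsyncRAT project), the Python below re-parses that dump, recomputes each instruction's offset from the encoded size of its opcode (short-form branches 2 bytes; call/callvirt/ldsfld/newobj and ldc.i4 5 bytes; the rest 1) and checks that every IL_xxxx branch label lands on an instruction boundary. That is a cheap way to confirm a dump is complete and in order before reasoning about its control flow, and it also yields the call sequence for triage. The opcode-size table covers only the opcodes present in this dump.

```python
import re

# Encoded size (opcode + inline operand) of the opcodes in the Main IL dump
# above. Short branches carry a 1-byte offset; call/callvirt/ldsfld/newobj a
# 4-byte metadata token; ldc.i4 a 4-byte immediate. Other opcodes are not
# handled here.
OPCODE_SIZE = {
    "nop": 1, "pop": 1, "add": 1, "ldc.i4.0": 1, "ldc.i4.1": 1,
    "ldloc.0": 1, "stloc.0": 1,
    "br.s": 2, "blt.s": 2, "brtrue.s": 2, "brfalse.s": 2, "leave.s": 2,
    "ldc.i4": 5, "call": 5, "callvirt": 5, "ldsfld": 5, "newobj": 5,
}
BRANCHES = {"br.s", "blt.s", "brtrue.s", "brfalse.s", "leave.s"}
LABEL = re.compile(r"^IL_([0-9A-Fa-f]{4}):$")


def parse_il(dump):
    """Parse the tool's dump into a list of (offset, opcode, operand, target).

    The dump prints '<null>' for an absent operand and, after a branch label,
    echoes the target instruction; both are consumed and not emitted.
    target is the branch destination offset (int) or None.
    """
    toks = dump.split()
    insns, offset, i = [], 0, 0
    while i < len(toks):
        op = toks[i]
        if op not in OPCODE_SIZE:
            raise ValueError(f"unexpected token {op!r} at position {i}")
        i += 1
        operand, target = "", None
        if op in BRANCHES:
            m = LABEL.match(toks[i]) if i < len(toks) else None
            if not m:
                raise ValueError(f"{op} at {offset:#06x} has no IL_xxxx label")
            target = int(m.group(1), 16)
            i += 2  # skip the label and the echoed target opcode ...
            while i < len(toks) and toks[i] not in OPCODE_SIZE:
                i += 1  # ... and the echoed target's operand tokens
        elif i < len(toks) and toks[i] == "<null>":
            i += 1
        else:
            parts = []
            while i < len(toks) and toks[i] not in OPCODE_SIZE:
                parts.append(toks[i])
                i += 1
            operand = " ".join(parts)
        insns.append((offset, op, operand, target))
        offset += OPCODE_SIZE[op]
    return insns


def check_branches(insns):
    """Map branch offset -> target offset; raise if a label does not land on an
    instruction boundary (a sign the dump is truncated or reordered)."""
    boundaries = {off for off, _, _, _ in insns}
    resolved = {}
    for off, op, _, target in insns:
        if target is None:
            continue
        if target not in boundaries:
            raise ValueError(f"{op} at {off:#06x} targets {target:#06x}, not a boundary")
        resolved[off] = target
    return resolved


def called_methods(insns):
    """Members invoked by call/callvirt/newobj, in program order."""
    return [operand.split()[-1] for _, op, operand, _ in insns
            if op in ("call", "callvirt", "newobj")]


MAIN_IL = " ".join([  # the dump from the report above, split only for readability
    "ldc.i4.0 <null> stloc.0 <null> br.s IL_0012: ldloc.0 ldc.i4 1000",
    "call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null>",
    "add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String Client.Settings::Delay",
    "call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0004: ldc.i4 1000",
    "call System.Boolean Client.Settings::InitializeSettings() brtrue.s IL_002C: nop ldc.i4.0 <null>",
    "call System.Void System.Environment::Exit(System.Int32) nop <null>",
    "call System.Boolean Client.Helper.MutexControl::CreateMutex()",
    "brtrue.s IL_003A: ldsfld System.String Client.Settings::Anti ldc.i4.0 <null>",
    "call System.Void System.Environment::Exit(System.Int32) ldsfld System.String Client.Settings::Anti",
    "call System.Boolean System.Convert::ToBoolean(System.String)",
    "brfalse.s IL_004B: ldsfld System.String Client.Settings::Install",
    "call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis()",
    "ldsfld System.String Client.Settings::Install call System.Boolean System.Convert::ToBoolean(System.String)",
    "brfalse.s IL_005C: ldsfld System.String Client.Settings::BDOS",
    "call System.Void Client.Install.NormalStartup::Install() ldsfld System.String Client.Settings::BDOS",
    "call System.Boolean System.Convert::ToBoolean(System.String)",
    "brfalse.s IL_0074: call System.Void Client.Helper.Methods::PreventSleep()",
    "call System.Boolean Client.Helper.Methods::IsAdmin()",
    "brfalse.s IL_0074: call System.Void Client.Helper.Methods::PreventSleep()",
    "call System.Void Client.Helper.ProcessCritical::Set() call System.Void Client.Helper.Methods::PreventSleep()",
    "newobj System.Void Client.Helper.CheckMiner::.ctor() call System.String Client.Helper.CheckMiner::GetProcess()",
    "pop <null> leave.s IL_0089: call System.Boolean Client.Connection.ClientSocket::get_IsConnected()",
    "pop <null> leave.s IL_0089: call System.Boolean Client.Connection.ClientSocket::get_IsConnected()",
    "call System.Boolean Client.Connection.ClientSocket::get_IsConnected()",
    "brtrue.s IL_009A: newobj System.Void System.Random::.ctor()",
    "call System.Void Client.Connection.ClientSocket::Reconnect()",
    "call System.Void Client.Connection.ClientSocket::InitializeClient()",
    "newobj System.Void System.Random::.ctor() ldc.i4 1000 ldc.i4 5000",
    "callvirt System.Int32 System.Random::Next(System.Int32,System.Int32)",
    "call System.Void System.Threading.Thread::Sleep(System.Int32)",
    "br.s IL_0089: call System.Boolean Client.Connection.ClientSocket::get_IsConnected()",
])

if __name__ == "__main__":
    listing = parse_il(MAIN_IL)
    check_branches(listing)  # raises on a dangling label
    for off, op, operand, target in listing:
        arg = operand if target is None else f"IL_{target:04X}"
        print(f"IL_{off:04X}: {op} {arg}".rstrip())
```

Running it prints the 53 instructions with their recomputed offsets; every label in the dump (0x12, 0x04, 0x2C, 0x3A, 0x4B, 0x5C, 0x74, 0x89, 0x9A) resolves to a boundary, which is what one expects from an unobfuscated build where the stub's Main has not been altered.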


Artefacts
Name: Value
Key (AES_256): ZmNWVnFKS1U4SWFhMHd0RlY4ekRWdUxJQmFLeWJJbnQ=
CnC: hypebeast.co.com
Ports: 80, 443, 6606, 7707, 8080, 8808
Mutex: mestizo.co.com

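The AsyncRAT configuration table and the Artefacts table above carry the same indicators (host, ports, mutex, install file and folder). As an added example that is not part of this page or of the analysis tool, the Python below turns those extracted fields into a small IOC set and runs it over a few constructed telemetry records in key=value form (field names borrowed loosely from Sysmon; the records are made up, not real logs). It assumes %AppData% expands to <profile>\AppData\Roaming, the Windows default with no folder redirection. The point it makes: the host name and the mutex are high-confidence indicators, the port list on its own is not (80, 443 and 8080 are ordinary, and 6606/7707/8808 are AsyncRAT's defaults, so they identify the family rather than this operator), and the install path only carries weight when Install is true, which it is not in this configuration.

```python
import re

# Fields as extracted on this page (AsyncRAT config table / Artefacts table).
ASYNCRAT_CONFIG = {
    "Hosts": "hypebeast.co.com",
    "Ports": "80,443,6606,7707,8080,8808",
    "Mutex": "mestizo.co.com",
    "Install": "false",
    "Install File": "system.exe",
    "Install-Folder": "%AppData%",
}

# Assumption: %AppData% resolves to <profile>\AppData\Roaming (Windows default,
# no folder redirection). Only the path suffix is compared, so the user name
# in the path does not matter.
FOLDER_SUFFIX = {"%appdata%": "\\appdata\\roaming"}

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def iocs_from_config(cfg):
    """Normalise the extracted fields into an IOC set."""
    folder = cfg["Install-Folder"].strip().lower()
    return {
        "hosts": {h.strip().lower() for h in cfg["Hosts"].split(",") if h.strip()},
        "ports": {int(p) for p in cfg["Ports"].split(",") if p.strip()},
        "mutex": cfg["Mutex"].strip().lower(),
        "install_suffix": FOLDER_SUFFIX.get(folder, folder) + "\\" + cfg["Install File"].strip().lower(),
        "install_enabled": cfg.get("Install", "false").strip().lower() == "true",
    }


def scan(lines, ioc):
    """Return (severity, reason, line) for every record matching the IOC set.

    Records are key=value pairs; quoted values may contain spaces. A port
    from the config on its own is never a hit (see the note above the block).
    The first matching rule wins for each record.
    """
    hits = []
    for line in lines:
        rec = {k: v.strip('"') for k, v in KV.findall(line)}
        host = rec.get("DestinationHostname", "").lower()
        port = int(rec.get("DestinationPort", "0"))
        path = (rec.get("TargetFilename") or rec.get("Image") or "").lower()
        if host in ioc["hosts"]:
            # C2 host on a configured port is the strongest signal; the same
            # host on another port still deserves a look (operators rotate ports).
            hits.append(("high" if port in ioc["ports"] else "medium", "c2 host", line))
        elif rec.get("MutexName", "").lower() == ioc["mutex"]:
            hits.append(("high", "mutex", line))
        elif path.endswith(ioc["install_suffix"]):
            # With Install=false (this sample) the stub never copies itself
            # there, so the path alone is a weak indicator.
            hits.append(("medium" if ioc["install_enabled"] else "low", "install path", line))
    return hits


LOG = [  # constructed records, not from this page or any real host
    'EventID=3 Image="C:\\Users\\bob\\AppData\\Roaming\\system.exe" DestinationHostname=hypebeast.co.com DestinationPort=6606',
    'EventID=3 Image="C:\\Program Files\\Mozilla Firefox\\firefox.exe" DestinationHostname=www.example.com DestinationPort=443',
    'EventID=3 Image="C:\\Windows\\System32\\svchost.exe" DestinationIp=10.0.0.5 DestinationPort=8080',
    'EventID=11 Image="C:\\Users\\bob\\Downloads\\invoice.exe" TargetFilename="C:\\Users\\bob\\AppData\\Roaming\\system.exe"',
    'Event=MutexCreate MutexName=mestizo.co.com Image="C:\\Users\\bob\\AppData\\Roaming\\system.exe"',
]

if __name__ == "__main__":
    for severity, reason, line in scan(LOG, iocs_from_config(ASYNCRAT_CONFIG)):
        print(f"[{severity}] {reason}: {line}")
```

On the constructed records this flags the connection to hypebeast.co.com:6606 (high), the mutex mestizo.co.com (high) and the file written to AppData\Roaming\system.exe (low, because Install is false), and stays silent on the svchost.exe connection to port 8080, which shares a port with the config but nothing else.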