Malicious
Malicious

b455ab36147ec0629023c0d43f8f5c04

PE Executable
|
MD5: b455ab36147ec0629023c0d43f8f5c04
|
Size: 49.15 KB
|
application/x-dosexec

Print
Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very high

Hash
 Hash Value
MD5
b455ab36147ec0629023c0d43f8f5c04
Sha1
216368eb9b7bfcced47f8557edef0918db984438
Sha256
a60110bcf8df4d64e2a2fa3c970b424a28517335defea3778d17f143e4905a74
Sha384
8b47e5a53851a2e6fb32a592322241e2c0325b834cce2f9ff7f17883887436986ff61d3469e2966313189084abe92b5b
Sha512
b4a88b4018f7c2371728ab8fbc89f0961d1738c11e03144d24168cc09950a8126cfb9439317e7ce71c7c754575867543e9803e78047526c313374c81ec1f7cb1
SSDeep
768:4udZNTAoZjRWUJd9bmo2qLABNJsnql9Izvs+WUq++puk0b+QDTYoTm0YLEk/RYDQ:4udZNTAGL27BTnUq++puHb7DMzlLEpdm
TLSH
10233B043BE9C16FF2BE4F74ACF22145867AF1772603D65D2CC442975A13FC29A429EA

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
b455ab36147ec0629023c0d43f8f5c04
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - AsyncRAT config.
Config. Field
 Value
Key (AES_256)

ZTMxV29XSkZkdUdLQmhSUWdpYURZZ1V0S0ppbjNiQlU=
Pastebin

-
Certificate

MIIE8jCCAtqgAwIBAgIQAOumdUH2bTp9TDXzpTziczANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjUxMjIwMDUzNDUyWhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAI207akN5sAn+GGF6YEYEV9CmbTELQdtHfzUo7sSVeVM7cpDHdV+1NYV+8+ffT2T973/hZwG4ZeOJFxSwyCDfmbZRhS2BaRGtTmSwI47K0XxnSDzqZG4HshmZ6RHpK71ZBUmcho2MHyHXrksoCo6vwb2DmW93lTeZu05f1Rb9R+RuXN/AIk53MqtXu3GsNfvFmqbLcOLEo4Lz8pmAn1oAG0/Z4kj9NWDFcnDneIUAlpaVgmF3BWtWjdr5jL3pl+oujZAQUxTY/28ba1nYZzJJQADX1XVCc1YznsS6p6CmCRZI74Zq0e7g8EMgqBxsXKj0BDKvUkFYcyE2N80jphTLgQGsUP3EgozZmTX4G9OO1qsLaqiWbosrn9rOODT6dd2oN4I2agBDEsUDGTua1PrLo2QZbuLASFonvm382gJMW2yuJQD6xyb2r25gGcmqYetLeZ2xN/y9k0O5THFe22VEgDXnS+lUQfMNYgJ2qz05sVP7LASHY6BKymD+SJKtpo7S3v3kp66Yik7WwRtoZTiuki5TgSN/FT2htbJXeBqVRrwvZd0k4Utn4CKV6PbraU778s+vgH9I2ota0g46MxoW5YsPDgoAlBEb7Bj75REoefTOd3tAceNjzvOVf4lN5l+y7R9bo3ja0a5+oZTRiSb+qV7AyDcIMHqvPp2oHNBQMFdAgMBAAGjMjAwMB0GA1UdDgQWBBTubMskX3ukPGgSjDB90P6isD8ZxjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQCENU9W0258J5wC58XgtdiirDB0tUddV01024vfvr/tqKgSxJeTL3RZAFgwGV4gmN2U77BoeGRKGhjJqkIPradmvfDGm3fqTE7M6oYRA9IP9Rh6L54J9V95OaI5Z1IXqHA2qEoczlz0oSpEkcOeklRJO46jtJaMcQxiGgwy2UZCgZTjQrTkZx8DnyyM4ZRuRn9kTdSYeTHXQt1dg0w4BdqRXcbBGHHbRDdRttG1DvLTAD4fI/G7/TUd4FhyWTx/1vZeYPYZrNWd8sKiegLQEadvdrZz7di6omhlzWLu5Iry5/x4L0NK6aRR9MJPugVH70H0VZtkjYrdL44Qiz5Qwm+c2NwVKX/L+IypXRFUykEJKWgppWIUyGOHhroANuM0xlMUF/v59/Sc7GwwzToXgCp46vs0J1FGWr6/XqNFcn1Q0sSqH3hwPg4aigEhpW8ElUdUrJsVEjpPkuSYL5W3bYeuIRmG2TcgdD6Vn4dTRBnOn7u0tDomngiLAkWJtHoBPU4O/mi+ctONpWDcgvCJJEK2YJ2fgqUy19sZcIlps8EF4bmeq+yQJdzcPJNyEjdMMBXT1PNLLW2WEDrjD++kdXP1td1TQjjoiBH5ruiNzyHfp/1QUhMApiwMYsfx+vIpKdc8JKdJClK7enrj7qGwTOx3xc/UHYsbtfFlxZf9aRaZBQ==
ServerSignature

GniAkvaHxpl0mIobs7VaUa6GmXSrJPNrOePEGW0S4cnmalwk7SSlDypjY4iNoBWlZl6H+9iGSYd4NPq75T18Krr44Yq5A1czo0JF+NrjHDbadrHpEn0DL96w07RZFnUVW4QOZv9yq1Byjlw/rdnvAkdmh4zekhiZyiPEHCS+zA1SBoRoATZUWOg93YZza7zEFUP8VIGnamd469Tl9/nUJTOGGMB8ZgC9DGFqQFjwGzi08vWqS4Y3sc4AEcea7a16upvnfoO6wlwoHqnzON6ITY8aEcMywjOtA/wuqdt9mMkVofvX8794Y7uv8MEBrXYRqp3SVf50J/+FMQE0oYJTDnfdh4hQbwuhoJ8HitcjTQGn6pRmMutNMVfLWCHWECzjRFwxcVI2leEjCEEObRhYXGWli2cnbgcgMNZQBqC6omQEYDtwD5/169Vl++dafD2nrBTu7+ERzfIHp0EHvkXn0rTtLQ5M7nbd28DiV6nOLzymIy62u4y2YGj+RfX6MPVBJK2RNmVjXMNZnEHE84GvQX81yO1A9gHTL/VTzabH986VwMkucScrt3ZPgssqn3KWeO0IrB8t4/EG8BevxbiscpvXucox/1E8nuwUkb6QrSey+Y4mTOBgJQqrnrT0kifNay4ezd9d7sItoDZT30LJ3GlmTbjMZc8o
Install

false
BDOS

false
Anti-VM

false
Install File

datarat.exe
Install-Folder

%AppData%
Hosts

111.229.180.223
Ports

3555,15555,25555
Mutex

N5FRYpEM0DuB
Version

0.5.8
Delay

3
Group

Default
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

GWRrVogapLeo
Full Name

GWRrVogapLeo
EntryPoint

System.Void aYAXVcOXPeKOXJ.RdknUUlKIjre::Main()
Scope Name

GWRrVogapLeo
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

ClientTool
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

120
Main Method

System.Void aYAXVcOXPeKOXJ.RdknUUlKIjre::Main()
Main IL Instruction Count

51
Main IL

ldc.i4.0 <null> stloc.0 <null> br IL_0012: ldloc.0 ldc.i4.s 100 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String aYAXVcOXPeKOXJ.MUVLpwtAdPXaKd::GfXxFOCGAKu call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4.s 100 call System.Boolean aYAXVcOXPeKOXJ.MUVLpwtAdPXaKd::AuDapWTJSoyNjhV() brtrue IL_002F: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean WNclWYeICOig.fpiuhKzIhSOv::xgepqaNanDHZQzi() brtrue IL_0040: ldsfld System.String aYAXVcOXPeKOXJ.MUVLpwtAdPXaKd::baDWeWyGgQkFp ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String aYAXVcOXPeKOXJ.MUVLpwtAdPXaKd::baDWeWyGgQkFp call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0054: ldsfld System.String aYAXVcOXPeKOXJ.MUVLpwtAdPXaKd::RKeJrgEcQA call System.Void WNclWYeICOig.iEstNohwfb::eGdxQQyDIhae() ldsfld System.String aYAXVcOXPeKOXJ.MUVLpwtAdPXaKd::RKeJrgEcQA call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0068: ldsfld System.String aYAXVcOXPeKOXJ.MUVLpwtAdPXaKd::WRNWenmUWYVFx call System.Void uobaMiGlMjX.dNouhksFRv::nbmyggvWoCF() ldsfld System.String aYAXVcOXPeKOXJ.MUVLpwtAdPXaKd::WRNWenmUWYVFx call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0086: call System.Void WNclWYeICOig.RRQWcWuGTJKHk::dDRmhndtTu() call System.Boolean WNclWYeICOig.RRQWcWuGTJKHk::VZLhklfUhiE() brfalse IL_0086: call System.Void WNclWYeICOig.RRQWcWuGTJKHk::dDRmhndtTu() call System.Void WNclWYeICOig.lRucjlFOrglgy::vNRIxpBYoZcbkdm() call System.Void WNclWYeICOig.RRQWcWuGTJKHk::dDRmhndtTu() leave IL_0096: nop pop <null> leave IL_0096: nop nop <null> call System.Boolean SCJbiQAuCcPL.YVLeXIwAXp::get_IsConnected() brtrue IL_00AB: leave IL_00B6 call System.Void SCJbiQAuCcPL.YVLeXIwAXp::PPSIKNdVWALrFw() call System.Void SCJbiQAuCcPL.YVLeXIwAXp::rndKZoHPHK() leave IL_00B6: ldc.i4 5000 pop <null> leave IL_00B6: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0096: nop
Module Name

GWRrVogapLeo
Full Name

GWRrVogapLeo
EntryPoint

System.Void aYAXVcOXPeKOXJ.RdknUUlKIjre::Main()
Scope Name

GWRrVogapLeo
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

ClientTool
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5
Total Strings

120
Main Method

System.Void aYAXVcOXPeKOXJ.RdknUUlKIjre::Main()
Main IL Instruction Count

51
Main IL

ldc.i4.0 <null> stloc.0 <null> br IL_0012: ldloc.0 ldc.i4.s 100 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String aYAXVcOXPeKOXJ.MUVLpwtAdPXaKd::GfXxFOCGAKu call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4.s 100 call System.Boolean aYAXVcOXPeKOXJ.MUVLpwtAdPXaKd::AuDapWTJSoyNjhV() brtrue IL_002F: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean WNclWYeICOig.fpiuhKzIhSOv::xgepqaNanDHZQzi() brtrue IL_0040: ldsfld System.String aYAXVcOXPeKOXJ.MUVLpwtAdPXaKd::baDWeWyGgQkFp ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String aYAXVcOXPeKOXJ.MUVLpwtAdPXaKd::baDWeWyGgQkFp call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0054: ldsfld System.String aYAXVcOXPeKOXJ.MUVLpwtAdPXaKd::RKeJrgEcQA call System.Void WNclWYeICOig.iEstNohwfb::eGdxQQyDIhae() ldsfld System.String aYAXVcOXPeKOXJ.MUVLpwtAdPXaKd::RKeJrgEcQA call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0068: ldsfld System.String aYAXVcOXPeKOXJ.MUVLpwtAdPXaKd::WRNWenmUWYVFx call System.Void uobaMiGlMjX.dNouhksFRv::nbmyggvWoCF() ldsfld System.String aYAXVcOXPeKOXJ.MUVLpwtAdPXaKd::WRNWenmUWYVFx call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0086: call System.Void WNclWYeICOig.RRQWcWuGTJKHk::dDRmhndtTu() call System.Boolean WNclWYeICOig.RRQWcWuGTJKHk::VZLhklfUhiE() brfalse IL_0086: call System.Void WNclWYeICOig.RRQWcWuGTJKHk::dDRmhndtTu() call System.Void WNclWYeICOig.lRucjlFOrglgy::vNRIxpBYoZcbkdm() call System.Void WNclWYeICOig.RRQWcWuGTJKHk::dDRmhndtTu() leave IL_0096: nop pop <null> leave IL_0096: nop nop <null> call System.Boolean SCJbiQAuCcPL.YVLeXIwAXp::get_IsConnected() brtrue IL_00AB: leave IL_00B6 call System.Void SCJbiQAuCcPL.YVLeXIwAXp::PPSIKNdVWALrFw() call System.Void SCJbiQAuCcPL.YVLeXIwAXp::rndKZoHPHK() leave IL_00B6: ldc.i4 5000 pop <null> leave IL_00B6: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0096: nop
Artefacts
Name
 Value
Key (AES_256)

ZTMxV29XSkZkdUdLQmhSUWdpYURZZ1V0S0ppbjNiQlU=
CnC

111.229.180.223
Ports

3555
Ports

15555
Ports

25555
Mutex

N5FRYpEM0DuB
b455ab36147ec0629023c0d43f8f5c04 (49.15 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙