Malicious
Malicious

c480a5d6ea9bd6380fbc0b76462da897

PE Executable
|
MD5: c480a5d6ea9bd6380fbc0b76462da897
|
Size: 77.82 KB
|
application/x-dosexec

Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

High

Hash
 Hash Value
MD5
c480a5d6ea9bd6380fbc0b76462da897
Sha1
55caaabcb37f2273c0ae2e0fa79b7b19228c5d7e
Sha256
38f215b45de95293eee5d0a4ebaf2da2341ac93bcd5b001e52bcd1b96848b96a
Sha384
feaa257b9e9f68f6fc83d3a09ae8ef8b823dc526ab17f08473002d05a3a1e7dcc25c37d38d24e6dcdaedc2327c368dd7
Sha512
3c211c8474f01c52b153fa34b874eba37649a2a1c4ce1509fd8c0b4e5265915a56bfc8ce73fd0d7c27e20ec1bfbbb7e8b99309478a3ed4969ffe6b2a6d1d5e65
SSDeep
768:xDJ6dbYT5PG1q5+nCMI0boPaVr572GxXNBSrfhRNa0GpFJ6iTBircnAGEaDDGHXV:xdH0MJaSaVr59B0uDirKAGXDGHAkMJG
TLSH
B9734B087B9BD526E2BD9A7985E113450379E3533203DB5F2CC803A94F13BC79F46A9A

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
c480a5d6ea9bd6380fbc0b76462da897
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
b0494a1f-4bd3-sFuO8sRWF2aQfulVj78LmA==
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Client.g.resources
aR3nbf8dQp2feLmk31.lSfgApatkdxsVcGcrktoFd.resources
$this.Icon
[NBF]root.IconData
progressBar1.Modifiers
$this.Language
$this.GridSize
Malware Configuration - AsyncRAT config.
Config. Field
 Value
Key (AES_256)

MUNyZmlwTkJLSXJWN0VKZjA4bDlScG5oZHAyRVVyYlA=
Pastebin

-
Certificate

MIIE8jCCAtqgAwIBAgIQAKxLlAkF1WRT8tAExBlQyzANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjIwOTIwMTQyNzUwWhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKrrWexesJSLqGeYC6kTxL6e4fbMdbCF6T1opNgSYFlyavRm733h8x2GXmzipr8dl/UHWmWcPmk8g2zwjmE7GxoR1aZvC706J8/1cezY8r/KN3wk63Og1nfs4IBpiAAS1FiZYe5mIVFU4np9SfOmuY/FdcCEd8OUu7UbHl28KhuwIMDKtBn2K/rCw9CIzH/KBD4ll1OszTjzf9NLX5bBhz42/lRQE3fvO2gHrewjgy99RFWXdo4YLOZiJqDSQLBMtVezMBTFgGGNeRMzAnwNFyl5/8h0T2GtcdqGhwOTYTQR+Rsj02iuogScF7rgqwrBr5uYxYrZoI36ewAdl2wN1JklGJRx11puu0hDRzCjrFE0CxXcVtdrIztzChIltYHZBKZyxRiZXGmvpZzPIzjCEO3ChXJTBdYqQP2aOQSBVEliDXuxuBNS11uRB1A/D6TQOAy0TWigbjfniDKBvzeSr3dnQxyjH6srvuGD6DFONwba7CVaKadGrmxreDm8vucoUYpaJ4cjOK+ouqQrG7btjHfDhc4MtgSSwR72/Me97QQ0Uybis0q0/im9hhKxZr6I0jhZglfZ/ouZiTjvPsT38azYeUXVo4uYmcbJ3RPTNVv9xwc3DPkFsMkRmDXCp2UWlGVSb7ZjeRz36kW7fnIiQbN2cG5levzLVAWtOjFwjr3/AgMBAAGjMjAwMB0GA1UdDgQWBBRnnpfEE8/fplVj0LmNEhbg781l4TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQBYfqUFr9Bld91t6lqV5NrngVezAFI4ZBHTDxhyvkrPQZhVxCvGVhOl5WqtmkUrdkUQbs+BS3rm1BBi2c5F4cC5f02v4lehtsM+EXifLaAU5DCE0WQ+/5CCEBh5VZ5dWoszKSIJFZFzktODyhLHwix/SgNcQ7k4+NtAjb6LTg0rSzcDfttAHcgKTCHpIYxR4FdbEAJ0iwBK1w2oBj/aVm9/nW8mQlzTAIyeEIBcfAL95asjkTOj/MrTElXz09nulfPrVSElidHMHsMXMnn7VZKM5rzhpA/zwV/NGYV6U8f9pF+bwZ1ubJKANo0CbkxCMO6BzMwBj+5pdhVCi9Sl6wg9QyYI5RuICLN03MNGEU0G0tVLkMiE3uzx7/evyrTguZJaAOiTmcSrdoToTCpS7znuLwCRyCNMCu0iUxCxbVE27IRxtOJBtVYqUD2Na8ZjaJQPQ5T+afCaeorSXHPX+/TKaqJqPALKVjNt8D6iYPmUXGZy2ED5YxV+QxFi3kibZe3QmR8MnJJs82mz5Tj0czZoZCnEIhm3bRG2BOSXmtwEC1raIXlgYbxmYr4FGYeUBDPL+sDr38YZ3fW2kRvpxocsUrmzYEbqRr3oLFppdKQIbTFNmdtBXOtEfqj8XcERQ4VA3qtOrDFulsAp7lWtoW6Cw6iCcO/1UWkCk6yC0jqdJA==
ServerSignature

IXO65mfs+HFrEqI4+ihi54gEEBRs+p1htcUMclslk/1WNIni1RbGFAeAs5DS2xjsLhRmy57M3dGPZbw8E5DCqWNEUQ3BDbdCmLIiB+nXowt1xnspzbQcxhGkgrrb3gCjxXxXiXgQaA87qxw2LFAQivN7+fUrM10HEnCEeVs6/jVwmOL4BfhjZhNot3b1kRH4N+fQhMnEl3ejN+1bSD8UkI7x8Pv5DK/9o8+7ZRmgghUDjSvuSz4Ds2MYljlSfrnWELd8VmSgtmieyyL91sTmdrdM1BV2EQFYnOwHEL24TAKfOti2vHUM8UeWEspRrT5sPiNx68//0AKql39pY5CetJJayKCayiFKRBmZcFOj8PD7cUvTuJhdNVqw4OlHWU8Aj8obOyiy9+xKmKbudE5xYd9l0aLXl1ocxZ2qzsCty1f37G7Wvio/wDHhcFbYLmg84xv8thPRJIY1QQ/58pBT6nQI6rcRKR2K2gORuE0pfQMdgOfffa9zdsW/tBVMWSNGTiVR3WDc3BjjGK86LeF2enMY4u+yfckLntaW6r3Y3+cw8JAt+dRKsVO6ZNocPXfeZjA4qh+Bih+OtkVghed2fwesoe6GdhoBYkf0ZOPDWtmetRy+3jemtH94DMoq1ZLGSQXc1ls+gK7opB57vvDBlrNydMFt8y/k
Install

false
BDOS

false
Anti-VM

false
Install-Folder

%AppData%
Version

0.5.7B
Hosts

franfranfran2025202646464.duckdn
Ports

3011
Mutex

AsyncMutex_6SI8O
Delay

3
Group

Ragst05
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Ragst006.exe
Full Name

Ragst006.exe
EntryPoint

System.Void <PrivateImplementationDetails>{C9D51624-7BE3-4530-BBD7-5A7744545664}::Main()
Scope Name

Ragst006.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Ragst006
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

135
Main Method

System.Void <PrivateImplementationDetails>{C9D51624-7BE3-4530-BBD7-5A7744545664}::Main()
Main IL Instruction Count

3
Main IL

call System.Void hyBi4B7CHOZ0PcM2da.BrEOWILUFmZ9AtRTw7::lLHifFIsCLsZtjvFfN0i() call System.Void Client.Program::Main() ret <null>
Module Name

Ragst006.exe
Full Name

Ragst006.exe
EntryPoint

System.Void <PrivateImplementationDetails>{C9D51624-7BE3-4530-BBD7-5A7744545664}::Main()
Scope Name

Ragst006.exe
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Ragst006
Assembly Version

1.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.0
Total Strings

135
Main Method

System.Void <PrivateImplementationDetails>{C9D51624-7BE3-4530-BBD7-5A7744545664}::Main()
Main IL Instruction Count

3
Main IL

call System.Void hyBi4B7CHOZ0PcM2da.BrEOWILUFmZ9AtRTw7::lLHifFIsCLsZtjvFfN0i() call System.Void Client.Program::Main() ret <null>
Artefacts
Name
 Value
Key (AES_256)

MUNyZmlwTkJLSXJWN0VKZjA4bDlScG5oZHAyRVVyYlA=
CnC

franfranfran2025202646464.duckdn
Ports

3011
Mutex

AsyncMutex_6SI8O
c480a5d6ea9bd6380fbc0b76462da897 (77.82 KB)
File Structure
c480a5d6ea9bd6380fbc0b76462da897
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
b0494a1f-4bd3-sFuO8sRWF2aQfulVj78LmA==
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Client.g.resources
aR3nbf8dQp2feLmk31.lSfgApatkdxsVcGcrktoFd.resources
$this.Icon
[NBF]root.IconData
progressBar1.Modifiers
$this.Language
$this.GridSize
Characteristics
Malware Configuration - AsyncRAT config.
Config. Field
 Value
Key (AES_256)

MUNyZmlwTkJLSXJWN0VKZjA4bDlScG5oZHAyRVVyYlA=
Pastebin

-
Certificate

MIIE8jCCAtqgAwIBAgIQAKxLlAkF1WRT8tAExBlQyzANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjIwOTIwMTQyNzUwWhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKrrWexesJSLqGeYC6kTxL6e4fbMdbCF6T1opNgSYFlyavRm733h8x2GXmzipr8dl/UHWmWcPmk8g2zwjmE7GxoR1aZvC706J8/1cezY8r/KN3wk63Og1nfs4IBpiAAS1FiZYe5mIVFU4np9SfOmuY/FdcCEd8OUu7UbHl28KhuwIMDKtBn2K/rCw9CIzH/KBD4ll1OszTjzf9NLX5bBhz42/lRQE3fvO2gHrewjgy99RFWXdo4YLOZiJqDSQLBMtVezMBTFgGGNeRMzAnwNFyl5/8h0T2GtcdqGhwOTYTQR+Rsj02iuogScF7rgqwrBr5uYxYrZoI36ewAdl2wN1JklGJRx11puu0hDRzCjrFE0CxXcVtdrIztzChIltYHZBKZyxRiZXGmvpZzPIzjCEO3ChXJTBdYqQP2aOQSBVEliDXuxuBNS11uRB1A/D6TQOAy0TWigbjfniDKBvzeSr3dnQxyjH6srvuGD6DFONwba7CVaKadGrmxreDm8vucoUYpaJ4cjOK+ouqQrG7btjHfDhc4MtgSSwR72/Me97QQ0Uybis0q0/im9hhKxZr6I0jhZglfZ/ouZiTjvPsT38azYeUXVo4uYmcbJ3RPTNVv9xwc3DPkFsMkRmDXCp2UWlGVSb7ZjeRz36kW7fnIiQbN2cG5levzLVAWtOjFwjr3/AgMBAAGjMjAwMB0GA1UdDgQWBBRnnpfEE8/fplVj0LmNEhbg781l4TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQBYfqUFr9Bld91t6lqV5NrngVezAFI4ZBHTDxhyvkrPQZhVxCvGVhOl5WqtmkUrdkUQbs+BS3rm1BBi2c5F4cC5f02v4lehtsM+EXifLaAU5DCE0WQ+/5CCEBh5VZ5dWoszKSIJFZFzktODyhLHwix/SgNcQ7k4+NtAjb6LTg0rSzcDfttAHcgKTCHpIYxR4FdbEAJ0iwBK1w2oBj/aVm9/nW8mQlzTAIyeEIBcfAL95asjkTOj/MrTElXz09nulfPrVSElidHMHsMXMnn7VZKM5rzhpA/zwV/NGYV6U8f9pF+bwZ1ubJKANo0CbkxCMO6BzMwBj+5pdhVCi9Sl6wg9QyYI5RuICLN03MNGEU0G0tVLkMiE3uzx7/evyrTguZJaAOiTmcSrdoToTCpS7znuLwCRyCNMCu0iUxCxbVE27IRxtOJBtVYqUD2Na8ZjaJQPQ5T+afCaeorSXHPX+/TKaqJqPALKVjNt8D6iYPmUXGZy2ED5YxV+QxFi3kibZe3QmR8MnJJs82mz5Tj0czZoZCnEIhm3bRG2BOSXmtwEC1raIXlgYbxmYr4FGYeUBDPL+sDr38YZ3fW2kRvpxocsUrmzYEbqRr3oLFppdKQIbTFNmdtBXOtEfqj8XcERQ4VA3qtOrDFulsAp7lWtoW6Cw6iCcO/1UWkCk6yC0jqdJA==
ServerSignature

IXO65mfs+HFrEqI4+ihi54gEEBRs+p1htcUMclslk/1WNIni1RbGFAeAs5DS2xjsLhRmy57M3dGPZbw8E5DCqWNEUQ3BDbdCmLIiB+nXowt1xnspzbQcxhGkgrrb3gCjxXxXiXgQaA87qxw2LFAQivN7+fUrM10HEnCEeVs6/jVwmOL4BfhjZhNot3b1kRH4N+fQhMnEl3ejN+1bSD8UkI7x8Pv5DK/9o8+7ZRmgghUDjSvuSz4Ds2MYljlSfrnWELd8VmSgtmieyyL91sTmdrdM1BV2EQFYnOwHEL24TAKfOti2vHUM8UeWEspRrT5sPiNx68//0AKql39pY5CetJJayKCayiFKRBmZcFOj8PD7cUvTuJhdNVqw4OlHWU8Aj8obOyiy9+xKmKbudE5xYd9l0aLXl1ocxZ2qzsCty1f37G7Wvio/wDHhcFbYLmg84xv8thPRJIY1QQ/58pBT6nQI6rcRKR2K2gORuE0pfQMdgOfffa9zdsW/tBVMWSNGTiVR3WDc3BjjGK86LeF2enMY4u+yfckLntaW6r3Y3+cw8JAt+dRKsVO6ZNocPXfeZjA4qh+Bih+OtkVghed2fwesoe6GdhoBYkf0ZOPDWtmetRy+3jemtH94DMoq1ZLGSQXc1ls+gK7opB57vvDBlrNydMFt8y/k
Install

false
BDOS

false
Anti-VM

false
Install-Folder

%AppData%
Version

0.5.7B
Hosts

franfranfran2025202646464.duckdn
Ports

3011
Mutex

AsyncMutex_6SI8O
Delay

3
Group

Ragst05
Artefacts
Name
 Value Location
Key (AES_256)

MUNyZmlwTkJLSXJWN0VKZjA4bDlScG5oZHAyRVVyYlA=

Malicious

c480a5d6ea9bd6380fbc0b76462da897
CnC

franfranfran2025202646464.duckdn

Malicious

c480a5d6ea9bd6380fbc0b76462da897
Ports

3011

Malicious

c480a5d6ea9bd6380fbc0b76462da897
Mutex

AsyncMutex_6SI8O

Malicious

c480a5d6ea9bd6380fbc0b76462da897
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙