Malicious

cd61565ff36be9c1d9d19c88fc3f1ca0

PE Executable | MD5: cd61565ff36be9c1d9d19c88fc3f1ca0 | Size: 530.37 KB | application/x-dosexec

Characteristics
Hash | Hash Value
MD5 | cd61565ff36be9c1d9d19c88fc3f1ca0
SHA1 | 639dad4be2b45007a02ec9a60a8e2f1dbd0f541a
SHA256 | 3e787c87af7765b65c809ff0db0f7a421c2715cc7b56e17d0ed72920a97b2983
SHA384 | d2e40c4d46128dd3bcf5f03aa1ba32c936eaf69ad8fb1c918b747cc200997be80b853d041c1658852c623fb2efb0ab98
SHA512 | e3a52b028780db014d697ed2f7135359d0d27e7cd1cf3c52bf76385259352ef3a503abf2582bd7cc369f23e1ffacf6ce945a78ed0e55a18fd0cf719d61dc91dc
SSDeep | 12288:EPwByTLuD0IaXirJ7utIeT1JvQ7Jnn9+W5AciIlw0P6s9y2:3ByTLuQpw761Qn9+W5ADINp9y2
TLSH | 6DB4CF35F6C08433D1779A74ADE6D2454439FF602D38588B3AEC0C5C8B7B6826A663E7

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual C++ v6.0 DLL
Microsoft Visual Studio .NET
Pe123 v2006.4.4-4.12
RPolyCryptor V1.4.2 -> Vaska

Note: PEiD matches are heuristic byte-pattern signatures and several of them overlap. The .NET matches are consistent with the DcRat family (a C#/.NET RAT derived from AsyncRAT); the "Visual C++ v6.0 DLL" match and the packer/cryptor matches should be confirmed against the file's own headers and sections before being relied on.
File Structure
cd61565ff36be9c1d9d19c88fc3f1ca0 (Malicious)

Malware Configuration - DcRat config.
Config. Field | Value
Key (AES_256) | T3owSEZxeGs4N0I0Y1g0a3VjU0pveEhtWUdNajYwd0U=
Ports | 8080
Hosts | 157.97.11.134
Version | 1.0.7
Install | true
Install-Folder | %Temp%
Install File | Microsoft.ServiceHub.Controller.exe
Mutex | Microsoft.ServiceHub.Controller.
Certificate | [value elided]
ServerSignature | d306b0bRQyyXdNZR7bex8sY9goYfeHS/7nrxOFrMQR6sSFmuAEK42iAMSUuPEsHTwywGdBbuJ8D0jqyaPkAb27P8Lza158HigKw5tcI7KoxVVUYcppA54yTKm6nFtj02ocwJreV2NFMBBK66VLAskpAnlB3EeCTU
Anti-VM | null
PasteBin | false
BDOS | 1
Delay | Default
Group | false
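The "Key (AES_256)" field above is not a raw 32-byte AES key: Base64-decoding it yields a 32-character ASCII passphrase, and AsyncRAT-family clients (DcRat is an AsyncRAT derivative) stretch that passphrase with PBKDF2 into an AES key and a separate HMAC key before decrypting the other config strings. The following Python is an added example, not code from the report or from DcRat itself. It assumes the AsyncRAT Aes256 scheme (the 32-byte salt, 50000 PBKDF2-HMAC-SHA1 iterations, 32-byte AES key followed by 64-byte HMAC key, and the HMAC-SHA256 || IV || ciphertext layout); those parameters must be confirmed against this sample's own Settings/Aes256 classes in a decompiler before use. The encrypted blob it checks is constructed inside the script, so it only demonstrates key derivation and tag verification, not a decryption of this binary's config.

```python
from __future__ import annotations

import base64
import hashlib
import hmac

# Value of the "Key (AES_256)" field from the report above.
REPORT_KEY_B64 = "T3owSEZxeGs4N0I0Y1g0a3VjU0pveEhtWUdNajYwd0U="

# ASSUMPTION: AsyncRAT-family defaults. Salt, iteration count and blob layout
# are the values published for AsyncRAT's Aes256 class; verify them against
# this sample before relying on them.
ASSUMED_SALT = bytes([
    0xBF, 0xEB, 0x1E, 0x56, 0xFB, 0xCD, 0x97, 0x3B, 0xB2, 0x19, 0x02, 0x24,
    0x30, 0xA5, 0x78, 0x43, 0x00, 0x3D, 0x56, 0x44, 0xD2, 0x1E, 0x62, 0xB9,
    0xD4, 0xF1, 0x80, 0xE7, 0xE6, 0xC3, 0x39, 0x41,
])
ASSUMED_ITERATIONS = 50000
KEY_LEN = 32        # AES-256 key
AUTH_KEY_LEN = 64   # HMAC-SHA256 key
HMAC_LEN = 32       # tag size at the front of each blob
IV_LEN = 16         # AES-CBC IV


def decode_master_key(key_b64: str) -> str:
    """The config field is Base64 of an ASCII passphrase, not a raw AES key."""
    return base64.b64decode(key_b64).decode("utf-8")


def derive_keys(passphrase: str) -> tuple[bytes, bytes]:
    """PBKDF2-HMAC-SHA1 (Rfc2898DeriveBytes default) stretched to 96 bytes:
    the first 32 bytes are the AES key, the next 64 the HMAC key."""
    stream = hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                                 ASSUMED_SALT, ASSUMED_ITERATIONS,
                                 KEY_LEN + AUTH_KEY_LEN)
    return stream[:KEY_LEN], stream[KEY_LEN:]


def split_blob(blob: bytes) -> tuple[bytes, bytes, bytes]:
    """Assumed layout: HMAC-SHA256(32) || IV(16) || AES-CBC ciphertext."""
    body = len(blob) - HMAC_LEN - IV_LEN
    if body < 16 or body % 16:
        raise ValueError("blob too short or ciphertext not block-aligned")
    return blob[:HMAC_LEN], blob[HMAC_LEN:HMAC_LEN + IV_LEN], blob[HMAC_LEN + IV_LEN:]


def verify_blob(auth_key: bytes, blob: bytes) -> bool:
    """Recompute the tag over IV||ciphertext and compare in constant time.
    A client that skips this step would decrypt attacker-modified blobs."""
    tag, iv, ct = split_blob(blob)
    expected = hmac.new(auth_key, iv + ct, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def build_blob(auth_key: bytes, iv: bytes, ct: bytes) -> bytes:
    """Assemble a blob in the same layout; used here only to construct a sample."""
    tag = hmac.new(auth_key, iv + ct, hashlib.sha256).digest()
    return tag + iv + ct


def demo() -> dict:
    passphrase = decode_master_key(REPORT_KEY_B64)
    aes_key, auth_key = derive_keys(passphrase)
    # CONSTRUCTED sample blob: the IV and ciphertext bytes are arbitrary and
    # do not come from the binary; they only exercise the parsing and the tag.
    iv = bytes(range(16))
    ct = bytes(32)
    good = build_blob(auth_key, iv, ct)
    tampered = good[:-1] + bytes([good[-1] ^ 0x01])
    return {
        "passphrase": passphrase,
        "aes_key_hex": aes_key.hex(),
        "good_verifies": verify_blob(auth_key, good),
        "tampered_verifies": verify_blob(auth_key, tampered),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

If the derived key does not decrypt the sample's own Settings strings, the salt or iteration count differs in this build; read them from the decompiled Aes256 constructor rather than guessing.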

Artefacts
Name | Value | Location
Key (AES_256) | T3owSEZxeGs4N0I0Y1g0a3VjU0pveEhtWUdNajYwd0U= | cd61565ff36be9c1d9d19c88fc3f1ca0 (Malicious)
Ports | 8080 | cd61565ff36be9c1d9d19c88fc3f1ca0 (Malicious)
CnC | 157.97.11.134 | cd61565ff36be9c1d9d19c88fc3f1ca0 (Malicious)
Mutex | Microsoft.ServiceHub.Controller. | cd61565ff36be9c1d9d19c88fc3f1ca0 (Malicious)
