Malicious

d6df6f96a08a21be356413a2b053d1bc | PE Executable | MD5: d6df6f96a08a21be356413a2b053d1bc | Size: 48.64 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Very high

Hashes
MD5: d6df6f96a08a21be356413a2b053d1bc
SHA1: 241cba30c9f6f6534af296aca19633fbf4f4433d
SHA256: c0ef405adacaa82f0407c967d720f896d3512f6a16138492d7bc7a9fe18c0959
SHA384: ad0f7e1b744731114778400d5aee58c1ad4c90007179899a4b571eb87c124b8aa6721d8fbdad1ad503babb7664afec72
SHA512: 2740ec36659f3926c74add9ef88002672e3670bdb525d8371d75bfc4ae775df02a2574e5a226bbf23b03e512d53a6e302057f5f0d0a66b90f33ec43e58a78477
SSDeep: 768:EuSBGTAo1wxWUpdj7mo2qLmcuA/5QzCiKPI5LQ0baMlpylZNYS6FiYaHlEiuNVB7:EuSBGTA2g2zAv45L7baMlEmVaFxcdPx
TLSH: E9232C0077EDC62AF27E4F7498F22246857BB1677603DA4D1CC451D75A23FC286426FA

PeID
    .NET executable
    Microsoft Visual C# / Basic .NET
    Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
    Microsoft Visual C# v7.0 / Basic .NET
    Microsoft Visual Studio .NET
File Structure
    DosHeader
    PE Header
    Optional Header (x86)
    Section Headers
        .text
        .rsrc
        .reloc
    Resources
        RT_VERSION
            ID:0001
                ID:0
        RT_MANIFEST
            ID:0001
                ID:0

Information
Info: PE Detect: PeReader OK (file layout)
Module Name: VcLHJcMibdziA
Full Name: VcLHJcMibdziA
EntryPoint: System.Void cUWZUOfZxB.rZqGSUsRfMnH::Main()
Scope Name: VcLHJcMibdziA
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: testy
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0,Profile=Client
Total Strings: 120
Main Method: System.Void cUWZUOfZxB.rZqGSUsRfMnH::Main()
Main IL Instruction Count: 51
Main IL (one instruction per line; the IL_xxxx labels are the branch targets given in the listing)

    ldc.i4.0
    stloc.0
    br IL_0015
IL_0007: ldc.i4 1000
    call System.Void System.Threading.Thread::Sleep(System.Int32)
    ldloc.0
    ldc.i4.1
    add
    stloc.0
IL_0015: ldloc.0
    ldsfld System.String cUWZUOfZxB.tEbRKtYuGoBGc::cytDQXfNeDNQczKd
    call System.Int32 System.Convert::ToInt32(System.String)
    blt.s IL_0007
    call System.Boolean cUWZUOfZxB.tEbRKtYuGoBGc::zGQqbNdZZNyRvzUN()
    brtrue IL_0032
    ldc.i4.0
    call System.Void System.Environment::Exit(System.Int32)
IL_0032: nop
    call System.Boolean JZGnJvDsKian.NlYEZWqZocfZQ::NzxduWeFUuOMM()
    brtrue IL_0043
    ldc.i4.0
    call System.Void System.Environment::Exit(System.Int32)
IL_0043: ldsfld System.String cUWZUOfZxB.tEbRKtYuGoBGc::GnGVQUHAaXvRI
    call System.Boolean System.Convert::ToBoolean(System.String)
    brfalse IL_0057
    call System.Void JZGnJvDsKian.NsoKvNdZbkE::MUDHDepPbdaD()
IL_0057: ldsfld System.String cUWZUOfZxB.tEbRKtYuGoBGc::FEujbwkcXka
    call System.Boolean System.Convert::ToBoolean(System.String)
    brfalse IL_006B
    call System.Void ibpoPEHhzVhymP.NVfQIKquIFWovr::rMJpOjZubbdIf()
IL_006B: ldsfld System.String cUWZUOfZxB.tEbRKtYuGoBGc::JMvauzbAjQoo
    call System.Boolean System.Convert::ToBoolean(System.String)
    brfalse IL_0089
    call System.Boolean JZGnJvDsKian.VykNHgqhVlC::hFCCmtRrLr()
    brfalse IL_0089
    call System.Void JZGnJvDsKian.XliabOTcIy::dOMPJWGXVEYiF()
IL_0089: call System.Void JZGnJvDsKian.VykNHgqhVlC::SrACLincfZUIc()
    leave IL_0099
    pop
    leave IL_0099
IL_0099: nop
    call System.Boolean JXbpLyuQJIbUwMwON.NnhfeLkXeaZSECAF::get_IsConnected()
    brtrue IL_00AE
    call System.Void JXbpLyuQJIbUwMwON.NnhfeLkXeaZSECAF::BBIcPDVoby()
    call System.Void JXbpLyuQJIbUwMwON.NnhfeLkXeaZSECAF::mYBMuqicHdZoj()
IL_00AE: leave IL_00B9
    pop
    leave IL_00B9
IL_00B9: ldc.i4 5000
    call System.Void System.Threading.Thread::Sleep(System.Int32)
    br.s IL_0099


Artefacts
Key (AES_256): TUR3c2ZXZXhsUkdDcFhoRk91emR3bmUzVWRyRHl1NXo=
CnC: 185.208.158.56
Ports: 6606, 7707, 8808
Mutex: r6TN1XNOy6k5

d6df6f96a08a21be356413a2b053d1bc (48.64 KB)
Characteristics
Malware Configuration - AsyncRAT config.
Key (AES_256): TUR3c2ZXZXhsUkdDcFhoRk91emR3bmUzVWRyRHl1NXo=
Pastebin: -
Certificate:
MIIE8jCCAtqgAwIBAgIQAJfL66BX38vT0eh78NJWDzANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjUwOTE0MjM1MTAxWhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAIr/Fe0abDoOlg6MzyJnJeW/S7Tt9AZOLAOyCT09tIre+dLl4XM4VM7nO+zQfm4sgc0R5Wwz5Vx0VHU1w5G9+pzGpcVsLhd4+UjzZK8rhdx5ZAIGd38DDq5Zqv8aaU4Xr8aZO8ieJ19X7OCQ6G3Ah8lh0BXBm43a2ox4jO8ZrZ50JL/C8zHP67OAlPi2HNzEgiHXx2cLBNz4jxNFpy6KMkY29/ztchYulZteFjE+8GfsOMabbsFEggxywLiCBGnFJoCyy+hl0FZQj9D1NdSqcIBSM5tLTV6CT0wbe79g+m0Huro5cwL/1wYKVhDdGutUfuEi33EbCnqWT1bEFv6UnoCkLfBBFEwLIzACtyhgZ/VrbyUrcvlxO9iRYG9Kut1PkM5FtDyFlmL4gntUuwS0el+QBXi+2Olqa/SLMCz7wNnDXZHojVQh9+EO+SnstRhMUIN+moOpQPP2EI0Za5mIvhnvLOcTXrRsNDK1e7w2yniLsgLcYeGL/Fcp18eJqr/rDYDedqXbUvkJ+UZHsdHLLqCzw+S2+fEC6SluF1CbMYhfpRFjsVr2zxbeQqPWZ8LqDT9hWQi1poVtqIAnVcGv73ZNVYWpX9eaXrAXiUIjcd4EKP04f1QD/9iKhnVagVbM5cvs2DUIXer+C9fsL7dfRc1VHkoDdiQ6ldS2627bqZgJAgMBAAGjMjAwMB0GA1UdDgQWBBQzyoyVSi/DekVoT1YHL25GPqA8wjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQCDZQnR+XgNJR6aCfdi+3OjEEfFCkWY76HcoLYTf3LE3jrftRPMI5Qffxy3Tj+zG50v25kjIf39EaX5n819IddUqIXmAXJ08DiUzH92YIRS93B0PcGJLXQRMOgEn4Dm5w2A48znVP5Guookm89F0D1Ayea/7ZWEjl5vm/f+CbAmZBVONxtEzwlOp/6rq0i21oIXLDlESlVcDhSqJMZ/DM4JDy0gKpxYwVhb2Kz32lSAsalV4/peDMzziTadgt6lPwSZE1SJryBUMMXoZCIB5EoBHMZjA5e5X39rEPa62eEI5Kq2cq0ylBsoi3avVXY4T/ntKP1ITtwWUGPE1ZxtHqCltraP2d/Fl+Mcapwfiwv/1rawTEflCMJvx+wXzjGHnteJol/bEFF5jlu4vVS8p1lr/psmY1vyLv+oosdeCdu8DxbmJ5SmMTrEG/oIxwbdlhyNOvVm5qpkDZ3q8fxbLSfQs5WcwjFrY2+B0+kmi56ze8qerjIcoGsLJCY7mIyh/clNs6poP/SjIWZjR28woZhPfqOuNOEYq8uYVO39ovJ0xtmPDKEmNeoubA9GGBce05Gh7Bo7gi/c9vWJojC83FUHKwECKhIYeaWI56y6S3QDxruDIe58EwmATkbTkPg9EjF9OIR7DR5lkS4xDGYXXQjHH71h7hi/8HZTP6e9O6B63g==
ServerSignature:
cVmtx6KFdtSwHygkruCnmBQxAjTrXX2oxTPtOcjTaYs05P0xeexABdecAST5c91uMgDTy34oslRsNNgGuWU11RCpohFSWJj0zbrF9pSirF46vZDjDEqbqUJXZgahzQvHxCYKGimpxeSbTo7lGrBR//ef3+cUwtAA1oCom01f/pVV4ocNKeLlwO0nbZ3AQQWeY1R00Ko5ySosq89DGJCuPPx/9F7RPa+3yLXfDhOlIL4VrKtt086j2hZBcOdb8ZqYEsusRjDrLe5xSSbnmFNxjsy6KqYyHJHYHMuc40iHll8PTay2/dzOH5HNRkvNRI+LjNVjuFtKvUQKp4Rt2oGi+FAwNiAg0skPOcHVCheJgiZiZ0LliNoYKthaBNK6eIFmfTbbmCOFyYb2IncEISceXs0iZX4W8D0ZX3ri3lqgVj/Pv6/hbOEACs28opg6Cxza+RAOEIBQsj0CYKBS6owlG0jq9MBMLUeR8t+gZsKUkOjAQewpmtaU1bWuLCPRJHrmPaDF/YPIBcqQKDlWPSVOfRoyUNTmZ5jFJsxd2qLSEtka59xPFRh747g0vWIu/NkV13Zo7BdV+hAv6edNQVldc3ZwjHtymMSpNIBZZR0wlaoV1wNWLwgTtRsZods0ZZVSAXg0h4sufT7jSFO6euC9bRh1wXBdWyd+
Install: true
BDOS: false
Anti-VM: false
Install File: driverwinxp.exe
Install-Folder: %AppData%
Hosts: 185.208.158.56
Ports: 6606,7707,8808
Mutex: r6TN1XNOy6k5
Version: 0.5.8
Delay: 3
Group: Default

Artefacts (Name: Value; Location)
Key (AES_256): TUR3c2ZXZXhsUkdDcFhoRk91emR3bmUzVWRyRHl1NXo= (location: d6df6f96a08a21be356413a2b053d1bc, Malicious)
CnC: 185.208.158.56 (location: d6df6f96a08a21be356413a2b053d1bc, Malicious)
Ports: 6606 (location: d6df6f96a08a21be356413a2b053d1bc, Malicious)
Ports: 7707 (location: d6df6f96a08a21be356413a2b053d1bc, Malicious)
Ports: 8808 (location: d6df6f96a08a21be356413a2b053d1bc, Malicious)
Mutex: r6TN1XNOy6k5 (location: d6df6f96a08a21be356413a2b053d1bc, Malicious)
