Malicious

d8dcf08a1825ad4b3b45860f9849288f

PE Executable | MD5: d8dcf08a1825ad4b3b45860f9849288f | Size: 47.62 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Low

Hashes
MD5: d8dcf08a1825ad4b3b45860f9849288f
SHA1: 4d240b52705be3f6e03d411422fb926f219eedd8
SHA256: 00d03d0cec73743249e196752c767972467a1fab87198bf6b386143fd3bfa212
SHA384: 14c55d159e19eec3015f6df99f84066043f89b3c1933c63e6185aa0d52ea2c44f2332e678d8d31ed7fc2b71c1cffb48a
SHA512: a15fcb2b3d02ea7deb38b9be6c8f840ecb5be1199b8cb13f36debc038983a7a2fa62aa446361bf711382571b6be95307990b2e2f1a42b29f3f418c053c4044dc
SSDeep: 768:5q7T1bXgg4yox4kOicvHk3eHlWMPbPgF0qE6enX5L6nAJGYI6OCrZtYcFmVc6K:5B76XvZH0ub4FrElJL6nB6OqZmVcl
TLSH: 04231A003BE98126E2BE5FB89DF1614187BAE6633603D65E3CC941D74B137C6CA41AF6

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers: .text, .rsrc, .reloc
Resources:
RT_VERSION (ID:0001, ID:0)
RT_MANIFEST (ID:0001, ID:0)
Malware Configuration - AsyncRAT config
Key (AES_256): eDJPS3N2VExXOXc4VjJqY1E4a0FCeTVoTTVoeVdwMlc=
Pastebin: - (not set)
Certificate: (omitted)
ServerSignature: (omitted)
Install: false
BDOS: false
Anti-VM: false
Install File: data.exe
Install-Folder: %AppData%
Version: 0.5.6A
Hosts: suabepga.com.vn
Ports: 6606,7707,8808
Mutex: aomulsozkmfiunzcp
Delay: 5

Notes on the fields: the Key value is not the raw AES key but the base64 of a 32-character password string (it decodes to x2OKsvTLW9w8V2jcQ8kAByh5hM5hyWp2W); the client derives its AES-256 and HMAC keys from that string when Settings.InitializeSettings() runs. With Install set to false the Install File and Install-Folder values are present but never used, and with Anti-VM (Settings.Anti) and BDOS both false the sample neither runs its anti-analysis checks nor marks its own process critical. Delay is in seconds: Main sleeps 1000 ms per unit before doing anything else. The mutex name is what the client uses to refuse to start a second copy.

Information
Info: PE Detect: PeReader OK (file layout)
Module Name: Stub.exe
Full Name: Stub.exe
EntryPoint: System.Void Client.Program::Main()
Scope Name: Stub.exe
Scope Type: ModuleDef
Kind: Windows (GUI subsystem; no console window is shown)
Runtime Version: v4.0.30319
Tables Header Version: 512 (0x0200, metadata tables schema 2.0)
WinMD Version: <null>
Assembly Name: Stub
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False (not strong-named)
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0,Profile=Client
Total Strings: 130
Main Method: System.Void Client.Program::Main()
Main IL Instruction Count: 53

Main IL (one instruction per line; offsets reconstructed from the instruction sizes so that every branch target in the dump resolves to a labelled instruction):
IL_0000: ldc.i4.0
IL_0001: stloc.0
IL_0002: br.s IL_0012
IL_0004: ldc.i4 1000
IL_0009: call System.Void System.Threading.Thread::Sleep(System.Int32)
IL_000E: ldloc.0
IL_000F: ldc.i4.1
IL_0010: add
IL_0011: stloc.0
IL_0012: ldloc.0
IL_0013: ldsfld System.String Client.Settings::Delay
IL_0018: call System.Int32 System.Convert::ToInt32(System.String)
IL_001D: blt.s IL_0004
IL_001F: call System.Boolean Client.Settings::InitializeSettings()
IL_0024: brtrue.s IL_002C
IL_0026: ldc.i4.0
IL_0027: call System.Void System.Environment::Exit(System.Int32)
IL_002C: nop
IL_002D: call System.Boolean Client.Helper.MutexControl::CreateMutex()
IL_0032: brtrue.s IL_003A
IL_0034: ldc.i4.0
IL_0035: call System.Void System.Environment::Exit(System.Int32)
IL_003A: ldsfld System.String Client.Settings::Anti
IL_003F: call System.Boolean System.Convert::ToBoolean(System.String)
IL_0044: brfalse.s IL_004B
IL_0046: call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis()
IL_004B: ldsfld System.String Client.Settings::Install
IL_0050: call System.Boolean System.Convert::ToBoolean(System.String)
IL_0055: brfalse.s IL_005C
IL_0057: call System.Void Client.Install.NormalStartup::Install()
IL_005C: ldsfld System.String Client.Settings::BDOS
IL_0061: call System.Boolean System.Convert::ToBoolean(System.String)
IL_0066: brfalse.s IL_0074
IL_0068: call System.Boolean Client.Helper.Methods::IsAdmin()
IL_006D: brfalse.s IL_0074
IL_006F: call System.Void Client.Helper.ProcessCritical::Set()
IL_0074: call System.Void Client.Helper.Methods::PreventSleep()
IL_0079: newobj System.Void Client.Helper.CheckMiner::.ctor()
IL_007E: call System.String Client.Helper.CheckMiner::GetProcess()
IL_0083: pop
IL_0084: leave.s IL_0089
IL_0086: pop
IL_0087: leave.s IL_0089
IL_0089: call System.Boolean Client.Connection.ClientSocket::get_IsConnected()
IL_008E: brtrue.s IL_009A
IL_0090: call System.Void Client.Connection.ClientSocket::Reconnect()
IL_0095: call System.Void Client.Connection.ClientSocket::InitializeClient()
IL_009A: newobj System.Void System.Random::.ctor()
IL_009F: ldc.i4 1000
IL_00A4: ldc.i4 5000
IL_00A9: callvirt System.Int32 System.Random::Next(System.Int32,System.Int32)
IL_00AE: call System.Void System.Threading.Thread::Sleep(System.Int32)
IL_00B3: br.s IL_0089

Read as control flow, Main does the following in order. IL_0000 to IL_001D is a counted loop that sleeps 1000 ms per iteration until the counter reaches Convert.ToInt32(Settings.Delay), i.e. a Delay-second start-up sleep (5 s for this config). It then exits with code 0 if Settings.InitializeSettings() returns false (the encrypted settings could not be decrypted and verified) or if MutexControl.CreateMutex() returns false (another instance already holds the mutex). The three boolean settings gate optional stages: Anti selects Anti_Analysis.RunAntiAnalysis(), Install selects NormalStartup.Install(), and BDOS selects ProcessCritical.Set() but only when Methods.IsAdmin() is also true; all three are false for this sample, so those stages are skipped. Methods.PreventSleep() always runs, then CheckMiner.GetProcess() is called inside a try/catch (the pop/leave.s pair at IL_0086 is the catch handler, which swallows any exception). From IL_0089 onwards the method never returns: it checks ClientSocket.IsConnected, calls Reconnect() and InitializeClient() when not connected, sleeps a random 1000 to 5000 ms, and loops.

Artefacts
Key (AES_256): eDJPS3N2VExXOXc4VjJqY1E4a0FCeTVoTTVoeVdwMlc=
CnC: suabepga.com.vn
Ports: 6606, 7707, 8808
Mutex: aomulsozkmfiunzcp
