Malicious

dd0742a933f39e678aac18ccb5eede42

PE Executable | MD5: dd0742a933f39e678aac18ccb5eede42 | Size: 48.64 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Very high

Hashes
MD5: dd0742a933f39e678aac18ccb5eede42
SHA1: 608a539396ea0ba74c4d65a9275ac79de966011d
SHA256: c5a9d2df9a41e3b205f0c1d0b888b9e190734481a5d2dbf6e9bd490ae2a4a7eb
SHA384: cb4102c82ff87069ee237192d9b8705d74197954e39244f3a12842bd0d67a999ca30d9429e88b2056f1783906abdba1b
SHA512: 3d30b411e3c855f54e32411c8933a5025c637b331248b02de9a3421094c2afb3c55aed14bb7701adeb8a5fb63aeed9fd2f74c955c2449740086e87861ca0f405
SSDeep: 768:kuwpFTAY3IQWUe9jqmo2qLn+2SfO82GtvLNPIfDkAuKPGPS8oE0biF2d5P9DLptp:kuwpFTA4/2c0p7tvLqfDk+PQ5YbiFW/p
TLSH: 13233B007BED826BF27E4F74A8F32115867BB2637602D54D2CC441975A23FC69642AEE

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
  Resources
    RT_VERSION
      ID:0001
        ID:0
    RT_MANIFEST
      ID:0001
        ID:0
Malware Configuration - AsyncRAT config.
Key (AES_256): eTlBOGw2ZVRmQUVmb25pa09SQlNOblh1aktjT3BET3Y=
Pastebin: -
Certificate: [certificate blob not present in the extracted page]
ServerSignature: [signature blob not present in the extracted page]
Install: true
BDOS: false
Anti-VM: false
Install File: svchost.exe
Install-Folder: %AppData%
Hosts: 51.68.244.77
Ports: 2031
Mutex: P0o1KuufmrBS
Version: 0.5.8
Delay: 3
Group: Default

Information
Info: PE Detect: PeReader OK (file layout)
Module Name: kLQfTIyxKjTy
Full Name: kLQfTIyxKjTy
EntryPoint: System.Void sgyOWpYPmi.SFaATsGnhdfyd::Main()
Scope Name: kLQfTIyxKjTy
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: AsyncClient
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0,Profile=Client
Total Strings: 120
Main Method: System.Void sgyOWpYPmi.SFaATsGnhdfyd::Main()
Main IL Instruction Count: 51
Main IL (one instruction per line; branch operands show the target instruction):
  ldc.i4.0 <null>
  stloc.0 <null>
  br IL_0015: ldloc.0
  ldc.i4 1000
  call System.Void System.Threading.Thread::Sleep(System.Int32)
  ldloc.0 <null>
  ldc.i4.1 <null>
  add <null>
  stloc.0 <null>
  ldloc.0 <null>
  ldsfld System.String sgyOWpYPmi.frIHSEjDIj::MftkLFOhtuJpHdm
  call System.Int32 System.Convert::ToInt32(System.String)
  blt.s IL_0007: ldc.i4 1000
  call System.Boolean sgyOWpYPmi.frIHSEjDIj::KgLpRUwEWPAZBSq()
  brtrue IL_0032: nop
  ldc.i4.0 <null>
  call System.Void System.Environment::Exit(System.Int32)
  nop <null>
  call System.Boolean oKFRHZFCwl.GEfOluEMNBEyl::gTWNekFHtFhAacuL()
  brtrue IL_0043: ldsfld System.String sgyOWpYPmi.frIHSEjDIj::XngZbeRxduo
  ldc.i4.0 <null>
  call System.Void System.Environment::Exit(System.Int32)
  ldsfld System.String sgyOWpYPmi.frIHSEjDIj::XngZbeRxduo
  call System.Boolean System.Convert::ToBoolean(System.String)
  brfalse IL_0057: ldsfld System.String sgyOWpYPmi.frIHSEjDIj::VBlsNWTsQBn
  call System.Void oKFRHZFCwl.qaqGAeyPoFhK::MTddlAcqKYxvF()
  ldsfld System.String sgyOWpYPmi.frIHSEjDIj::VBlsNWTsQBn
  call System.Boolean System.Convert::ToBoolean(System.String)
  brfalse IL_006B: ldsfld System.String sgyOWpYPmi.frIHSEjDIj::NKRcglWgnHXaSLN
  call System.Void kxSVSbtBQGzrj.wXbAybaQodNa::gaNwJrhBMUvC()
  ldsfld System.String sgyOWpYPmi.frIHSEjDIj::NKRcglWgnHXaSLN
  call System.Boolean System.Convert::ToBoolean(System.String)
  brfalse IL_0089: call System.Void oKFRHZFCwl.rImKYIQZyCFbuw::SMCrWkIABA()
  call System.Boolean oKFRHZFCwl.rImKYIQZyCFbuw::bkxGNGuhrVguiH()
  brfalse IL_0089: call System.Void oKFRHZFCwl.rImKYIQZyCFbuw::SMCrWkIABA()
  call System.Void oKFRHZFCwl.SIHYcfUnvnS::pxmMNJSvGQI()
  call System.Void oKFRHZFCwl.rImKYIQZyCFbuw::SMCrWkIABA()
  leave IL_0099: nop
  pop <null>
  leave IL_0099: nop
  nop <null>
  call System.Boolean PyqhMSUKyNtp.bZpxSeDGxYJO::get_IsConnected()
  brtrue IL_00AE: leave IL_00B9
  call System.Void PyqhMSUKyNtp.bZpxSeDGxYJO::YSktsfXZptFZbiBE()
  call System.Void PyqhMSUKyNtp.bZpxSeDGxYJO::FkjHVSEGvW()
  leave IL_00B9: ldc.i4 5000
  pop <null>
  leave IL_00B9: ldc.i4 5000
  ldc.i4 5000
  call System.Void System.Threading.Thread::Sleep(System.Int32)
  br.s IL_0099: nop

Artefacts
Key (AES_256): eTlBOGw2ZVRmQUVmb25pa09SQlNOblh1aktjT3BET3Y=
CnC: 51.68.244.77
Ports: 2031
Mutex: P0o1KuufmrBS
