Symbol Obfuscation Score
| Hash | Hash Value |
|---|---|
| MD5 | dd0742a933f39e678aac18ccb5eede42 |
| SHA-1 | 608a539396ea0ba74c4d65a9275ac79de966011d |
| SHA-256 | c5a9d2df9a41e3b205f0c1d0b888b9e190734481a5d2dbf6e9bd490ae2a4a7eb |
| SHA-384 | cb4102c82ff87069ee237192d9b8705d74197954e39244f3a12842bd0d67a999ca30d9429e88b2056f1783906abdba1b |
| SHA-512 | 3d30b411e3c855f54e32411c8933a5025c637b331248b02de9a3421094c2afb3c55aed14bb7701adeb8a5fb63aeed9fd2f74c955c2449740086e87861ca0f405 |
| ssdeep | 768:kuwpFTAY3IQWUe9jqmo2qLn+2SfO82GtvLNPIfDkAuKPGPS8oE0biF2d5P9DLptp:kuwpFTA4/2c0p7tvLqfDk+PQ5YbiFW/p |
| TLSH | 13233B007BED826BF27E4F74A8F32115867BB2637602D54D2CC441975A23FC69642AEE |
PeID
| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | kLQfTIyxKjTy |
| Full Name | kLQfTIyxKjTy |
| EntryPoint | System.Void sgyOWpYPmi.SFaATsGnhdfyd::Main() |
| Scope Name | kLQfTIyxKjTy |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | AsyncClient |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 120 |
| Main Method | System.Void sgyOWpYPmi.SFaATsGnhdfyd::Main() |
| Main IL Instruction Count | 51 |

Main IL (51 instructions, one per line as dumped by the tool):

```
ldc.i4.0 <null>
stloc.0 <null>
br IL_0015: ldloc.0
ldc.i4 1000
call System.Void System.Threading.Thread::Sleep(System.Int32)
ldloc.0 <null>
ldc.i4.1 <null>
add <null>
stloc.0 <null>
ldloc.0 <null>
ldsfld System.String sgyOWpYPmi.frIHSEjDIj::MftkLFOhtuJpHdm
call System.Int32 System.Convert::ToInt32(System.String)
blt.s IL_0007: ldc.i4 1000
call System.Boolean sgyOWpYPmi.frIHSEjDIj::KgLpRUwEWPAZBSq()
brtrue IL_0032: nop
ldc.i4.0 <null>
call System.Void System.Environment::Exit(System.Int32)
nop <null>
call System.Boolean oKFRHZFCwl.GEfOluEMNBEyl::gTWNekFHtFhAacuL()
brtrue IL_0043: ldsfld System.String sgyOWpYPmi.frIHSEjDIj::XngZbeRxduo
ldc.i4.0 <null>
call System.Void System.Environment::Exit(System.Int32)
ldsfld System.String sgyOWpYPmi.frIHSEjDIj::XngZbeRxduo
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse IL_0057: ldsfld System.String sgyOWpYPmi.frIHSEjDIj::VBlsNWTsQBn
call System.Void oKFRHZFCwl.qaqGAeyPoFhK::MTddlAcqKYxvF()
ldsfld System.String sgyOWpYPmi.frIHSEjDIj::VBlsNWTsQBn
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse IL_006B: ldsfld System.String sgyOWpYPmi.frIHSEjDIj::NKRcglWgnHXaSLN
call System.Void kxSVSbtBQGzrj.wXbAybaQodNa::gaNwJrhBMUvC()
ldsfld System.String sgyOWpYPmi.frIHSEjDIj::NKRcglWgnHXaSLN
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse IL_0089: call System.Void oKFRHZFCwl.rImKYIQZyCFbuw::SMCrWkIABA()
call System.Boolean oKFRHZFCwl.rImKYIQZyCFbuw::bkxGNGuhrVguiH()
brfalse IL_0089: call System.Void oKFRHZFCwl.rImKYIQZyCFbuw::SMCrWkIABA()
call System.Void oKFRHZFCwl.SIHYcfUnvnS::pxmMNJSvGQI()
call System.Void oKFRHZFCwl.rImKYIQZyCFbuw::SMCrWkIABA()
leave IL_0099: nop
pop <null>
leave IL_0099: nop
nop <null>
call System.Boolean PyqhMSUKyNtp.bZpxSeDGxYJO::get_IsConnected()
brtrue IL_00AE: leave IL_00B9
call System.Void PyqhMSUKyNtp.bZpxSeDGxYJO::YSktsfXZptFZbiBE()
call System.Void PyqhMSUKyNtp.bZpxSeDGxYJO::FkjHVSEGvW()
leave IL_00B9: ldc.i4 5000
pop <null>
leave IL_00B9: ldc.i4 5000
ldc.i4 5000
call System.Void System.Threading.Thread::Sleep(System.Int32)
br.s IL_0099: nop
```
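The Main IL cell in the module table is the tool's flat dump of the entry point: each instruction is printed as `opcode operand`, with `<null>` for operand-less opcodes and, for branches, the target instruction itself (`IL_0015: ldloc.0`) in place of a bare label. That is hard to read and easy to miscount. The parser below is an added example, not part of this report or of the analysis tool: it splits the dump back into instructions and reads off what `Main()` does (the `Sleep(1000)` loop bounded by a config value converted with `ToInt32`, the two `Environment.Exit` bail-outs after the two boolean checks, the three `ToBoolean` flag gates, and the `Sleep(5000)` reconnect loop). It embeds the Main IL text copied from the table above; the mnemonic table `OPCODE_RE` is an assumption that covers common CIL opcodes rather than the full ECMA-335 set.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Main IL of sgyOWpYPmi.SFaATsGnhdfyd::Main(), copied verbatim from the report table above
# (line breaks added only between instructions; the parser splits on whitespace).
MAIN_IL = """
ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000
call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null>
add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String sgyOWpYPmi.frIHSEjDIj::MftkLFOhtuJpHdm
call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000
call System.Boolean sgyOWpYPmi.frIHSEjDIj::KgLpRUwEWPAZBSq() brtrue IL_0032: nop ldc.i4.0 <null>
call System.Void System.Environment::Exit(System.Int32) nop <null>
call System.Boolean oKFRHZFCwl.GEfOluEMNBEyl::gTWNekFHtFhAacuL()
brtrue IL_0043: ldsfld System.String sgyOWpYPmi.frIHSEjDIj::XngZbeRxduo ldc.i4.0 <null>
call System.Void System.Environment::Exit(System.Int32)
ldsfld System.String sgyOWpYPmi.frIHSEjDIj::XngZbeRxduo call System.Boolean System.Convert::ToBoolean(System.String)
brfalse IL_0057: ldsfld System.String sgyOWpYPmi.frIHSEjDIj::VBlsNWTsQBn
call System.Void oKFRHZFCwl.qaqGAeyPoFhK::MTddlAcqKYxvF()
ldsfld System.String sgyOWpYPmi.frIHSEjDIj::VBlsNWTsQBn call System.Boolean System.Convert::ToBoolean(System.String)
brfalse IL_006B: ldsfld System.String sgyOWpYPmi.frIHSEjDIj::NKRcglWgnHXaSLN
call System.Void kxSVSbtBQGzrj.wXbAybaQodNa::gaNwJrhBMUvC()
ldsfld System.String sgyOWpYPmi.frIHSEjDIj::NKRcglWgnHXaSLN call System.Boolean System.Convert::ToBoolean(System.String)
brfalse IL_0089: call System.Void oKFRHZFCwl.rImKYIQZyCFbuw::SMCrWkIABA()
call System.Boolean oKFRHZFCwl.rImKYIQZyCFbuw::bkxGNGuhrVguiH()
brfalse IL_0089: call System.Void oKFRHZFCwl.rImKYIQZyCFbuw::SMCrWkIABA()
call System.Void oKFRHZFCwl.SIHYcfUnvnS::pxmMNJSvGQI() call System.Void oKFRHZFCwl.rImKYIQZyCFbuw::SMCrWkIABA()
leave IL_0099: nop pop <null> leave IL_0099: nop nop <null>
call System.Boolean PyqhMSUKyNtp.bZpxSeDGxYJO::get_IsConnected() brtrue IL_00AE: leave IL_00B9
call System.Void PyqhMSUKyNtp.bZpxSeDGxYJO::YSktsfXZptFZbiBE()
call System.Void PyqhMSUKyNtp.bZpxSeDGxYJO::FkjHVSEGvW() leave IL_00B9: ldc.i4 5000 pop <null>
leave IL_00B9: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0099: nop
"""

# CIL mnemonics that can start an instruction in such a dump. Assumption: covers the common
# opcodes, not the full ECMA-335 set; extend it if another dump uses more.
OPCODE_RE = re.compile(
    r"^(?:nop|break|ret|pop|dup|add|sub|mul|div|rem|and|or|xor|shl|shr|neg|not|throw|rethrow"
    r"|endfinally|ldnull|ldstr|ldtoken|ldlen|ldftn|newobj|newarr|call|callvirt|castclass|isinst"
    r"|box|unbox\.any|initobj|ceq|cgt(?:\.un)?|clt(?:\.un)?|switch|conv\.[a-z0-9.]+"
    r"|(?:ld|st)elem(?:\.[a-z0-9]+)?|(?:ld|st)s?fld|(?:ldarg|ldloc|stloc|starg)(?:\.[0-3]|\.s)?"
    r"|(?:ldarga|ldloca)(?:\.s)?|ldc\.i4(?:\.[0-8]|\.m1|\.s)?|ldc\.(?:i8|r4|r8)"
    r"|(?:br|brfalse|brtrue|beq|bge|bgt|ble|blt|bne\.un|b(?:ge|gt|le|lt)\.un|leave)(?:\.s)?)$"
)
LABEL_RE = re.compile(r"^IL_[0-9A-Fa-f]{4}:$")  # a branch operand starts with the target's label


@dataclass
class Instruction:
    opcode: str
    operand: Optional[str]        # None for "<null>"; for branches the target instruction text
    target: Optional[str] = None  # branch target label, e.g. "IL_0015"


def _boundary(tok: str) -> bool:
    """True where an operand's token run must stop: next opcode, next label, or <null>."""
    return tok == "<null>" or bool(OPCODE_RE.match(tok)) or bool(LABEL_RE.match(tok))


def parse_il(dump: str) -> List[Instruction]:
    toks = dump.split()
    out, i = [], 0
    while i < len(toks):
        op = toks[i]
        if not OPCODE_RE.match(op):
            raise ValueError(f"token {i} is not an opcode: {op!r}")
        i += 1
        if i < len(toks) and toks[i] == "<null>":        # operand-less opcode
            out.append(Instruction(op, None))
            i += 1
            continue
        if i < len(toks) and LABEL_RE.match(toks[i]):      # branch: label, target opcode, its operand
            j = i + 2
            while j < len(toks) and not _boundary(toks[j]):
                j += 1
            out.append(Instruction(op, " ".join(toks[i:j]), toks[i][:-1]))
        else:                                              # ordinary operand: run until the next opcode
            j = i
            while j < len(toks) and not _boundary(toks[j]):
                j += 1
            out.append(Instruction(op, " ".join(toks[i:j]) or None))
        i = j
    return out


def startup_summary(instrs: List[Instruction]) -> dict:
    """What Main() does, read off the parsed instructions rather than the flat dump."""
    calls = [ins.operand for ins in instrs if ins.opcode in ("call", "callvirt")]
    return {
        "instructions": len(instrs),
        "calls": len(calls),
        "sleeps": sum("Thread::Sleep" in c for c in calls),
        "exits": sum("Environment::Exit" in c for c in calls),
        "branches": sum(ins.target is not None for ins in instrs),
        # static string fields Main reads directly: the ToInt32 loop bound and three ToBoolean flags
        "fields_read": sorted({ins.operand.split("::")[-1] for ins in instrs if ins.opcode == "ldsfld"}),
    }


INSTRUCTIONS = parse_il(MAIN_IL)

if __name__ == "__main__":
    for n, ins in enumerate(INSTRUCTIONS, 1):
        print(f"{n:2d} {ins.opcode} {ins.operand or ''}")
    print(startup_summary(INSTRUCTIONS))
```

The parser recovers exactly the 51 instructions the table reports; the branch operands keep the target text the tool printed, and `target` carries the bare label so control flow can be followed without re-tokenising. Fields read via `ldsfld` inside a branch operand belong to the target instruction, not to the branch, so they are not double-counted.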
| Name | Value |
|---|---|
| Key (AES_256) | eTlBOGw2ZVRmQUVmb25pa09SQlNOblh1aktjT3BET3Y= |
| CnC | 51.68.244.77 |
| Ports | 2031 |
| Mutex | P0o1KuufmrBS |
| Config Field | Value |
|---|---|
| Key (AES_256) | eTlBOGw2ZVRmQUVmb25pa09SQlNOblh1aktjT3BET3Y= |
| Pastebin | - |
| Certificate | 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 |
| ServerSignature | ou36ZqwQkA+xq6ubvosxgAEj5OqhTefyM/ZvLmKx5iRDavtJtnPXQyR0Fl2wwddP9GkdkK1uts+Hmkw2zU7vGE3ONbZ+/nmv0iMPFxqsWE28Fr6VpRsiRsVbtuxInrvawsZpd251EvFDfAWsUUqXxwFepDR1TFGgOn4rSc8yPa6YTyQeyYD18F9hUXAn3KKiV1ZlyUAODq4tjiUZ7udz3VeF5MXfOPbaSSSFx93E8cmbYKivfl26AWWKSl9eEthFrNmwM1yNT2ltxrUZCCm1gbt5ondtx3uUfX1flQctK4bOWzBOGQ0AQlRfxK2wxhXEoFNJNC4sDNRKmF9hp74tiRaBy/8wpaLeTlSPf62sRwLguHvW9FAXpC22vko8QgbninZVeZSDymUFxIQWWW8sKYX3+6mlgiPeCJwNmeUVfYOuVChnVlbZAaN0Q14hRL/mJunh0BJ3IVkQP3WC5lNR8ffT7t6igolTLHDHqccJDLxkq/+lNErOKIN5f/n7q8hcYgImRW020XBn8Q5IBqUKb/KXAZ1s0gc93koZEiITCAy8VolkG1UJSJ+lHL7p7l4r2yr1X9+UE17YvQFfIXHRQ5Yhi214fnlLaboFNh0hPtlcnnoxq+kYKBHaKGrePUF1myVZ/9OMWKpnw5bnNldfT20AV9cQdJ2N |
| Install | true |
| BDOS | false |
| Anti-VM | false |
| Install File | svchost.exe |
| Install-Folder | %AppData% |
| Hosts | 51.68.244.77 |
| Ports | 2031 |
| Mutex | P0o1KuufmrBS |
| Version | 0.5.8 |
| Delay | 3 |
| Group | Default |
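A report like this is consumed by turning the extracted configuration into detection content. The script below is an added example, not part of this report or of the extractor: it parses the config table above (embedded as sample input copied from the page, with the long Certificate and ServerSignature rows left out), base64-decodes the `Key (AES_256)` field to confirm it is printable text rather than raw key bytes, and emits a Suricata rule for the `Hosts`/`Ports` pair plus a YARA rule on the mutex and both forms of the key. The rule names, the `sid` range, and the assumption that multi-C2 configs list `Hosts` and `Ports` comma-separated are choices made for the example; this sample has one host and one port.

```python
import base64

# MD5 of the analysed sample, from the hash table in this report.
SAMPLE_MD5 = "dd0742a933f39e678aac18ccb5eede42"

# The config table from the report, embedded as sample input (copied from the page; the long
# Certificate/ServerSignature rows are omitted because the rules do not use them).
CONFIG_TABLE = """
| Config Field | Value |
|---|---|
| Key (AES_256) | eTlBOGw2ZVRmQUVmb25pa09SQlNOblh1aktjT3BET3Y= |
| Pastebin | - |
| Install | true |
| BDOS | false |
| Anti-VM | false |
| Install File | svchost.exe |
| Install-Folder | %AppData% |
| Hosts | 51.68.244.77 |
| Ports | 2031 |
| Mutex | P0o1KuufmrBS |
| Version | 0.5.8 |
| Delay | 3 |
| Group | Default |
"""


def parse_config_table(text):
    """Two-column markdown table -> dict. The first non-separator row is the header; '-' means unset."""
    rows = []
    for line in text.strip().splitlines():
        if line.startswith("|") and not set(line) <= set("|-: "):
            rows.append([c.strip() for c in line.strip().strip("|").split("|")])
    return {name: (None if value == "-" else value) for name, value in rows[1:]}


def decode_key(b64):
    """The Key field is base64; the decoded bytes must be printable text, otherwise the
    extractor mislabelled the field and the value is not usable as a string indicator."""
    text = base64.b64decode(b64, validate=True).decode("ascii")
    if not text.isprintable():
        raise ValueError("decoded key is not printable text")
    return text


def suricata_rules(cfg, first_sid):
    """One rule per host/port pair (assumption: Hosts and Ports are comma-separated lists)."""
    hosts = [h.strip() for h in cfg["Hosts"].split(",") if h.strip()]
    ports = [p.strip() for p in cfg["Ports"].split(",") if p.strip()]
    rules, sid = [], first_sid
    for host in hosts:
        for port in ports:
            rules.append(
                f'alert tcp $HOME_NET any -> {host} {port} (msg:"AsyncClient C2 {host}:{port}"; '
                f"flow:to_server,established; reference:md5,{SAMPLE_MD5}; "
                f"classtype:trojan-activity; sid:{sid}; rev:1;)"
            )
            sid += 1
    return rules


def yara_rule(cfg, name):
    """String rule on the mutex and on the key as stored (base64) and as decoded."""
    key_b64 = cfg["Key (AES_256)"]
    return "\n".join([
        f"rule {name} {{",
        "    meta:",
        f'        md5 = "{SAMPLE_MD5}"',
        "    strings:",
        f'        $mutex = "{cfg["Mutex"]}" wide ascii',
        f'        $key_b64 = "{key_b64}" wide ascii',
        f'        $key = "{decode_key(key_b64)}" wide ascii',
        "    condition:",
        "        uint16(0) == 0x5A4D and any of ($mutex, $key_b64, $key)",
        "}",
    ])


if __name__ == "__main__":
    cfg = parse_config_table(CONFIG_TABLE)
    print("\n".join(suricata_rules(cfg, 9000001)))
    print(yara_rule(cfg, "AsyncClient_" + SAMPLE_MD5[:8]))
```

Decoding the key here yields a 32-character alphanumeric string, so the extractor's `Key (AES_256)` label refers to the configured key string, not to 32 raw AES key bytes; both the base64 and the decoded form are worth carrying as strings because either may appear in memory or on disk depending on where the sample is caught.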
| Name | Value | Classification | Location (sample MD5) |
|---|---|---|---|
| Key (AES_256) | eTlBOGw2ZVRmQUVmb25pa09SQlNOblh1aktjT3BET3Y= | Malicious | dd0742a933f39e678aac18ccb5eede42 |
| CnC | 51.68.244.77 | Malicious | dd0742a933f39e678aac18ccb5eede42 |
| Ports | 2031 | Malicious | dd0742a933f39e678aac18ccb5eede42 |
| Mutex | P0o1KuufmrBS | Malicious | dd0742a933f39e678aac18ccb5eede42 |