Malicious

e51acd6dd40d6a222c5d831fe5eb7898

PE Executable | MD5: e51acd6dd40d6a222c5d831fe5eb7898 | Size: 48.13 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score: Low

Hashes
MD5: e51acd6dd40d6a222c5d831fe5eb7898
Sha1: 20d95716bd363f82e3cc28dbc228022a43bb2aa2
Sha256: 7342988689d731203018dcda74937b54d614323a1dc43cf85d3239b9f62c1ae4
Sha384: 0b99dce97e5db0c84be585e0794ed35e4540b0b1ffa5275d36156328c4f2421ba7c543d96f6c76d2cc57fddcd430530c
Sha512: 792f82d7c48ea34d95eed22da1f6e4539646fb13e7034135917c14c273efd01ea92a549b1f06a5ca6222fd198a2c1a47d707bbe0281b70178241b392f8ea66ed
SSDeep: 768:Kue+pTjVOoYWUiMA6Omo2q4u4Jr3NJ8lVVOPINzjbwg53iS0/fepAdWg7BvwEP3d:Kue+pTjAXY2m4JRmf3N3b35Sj/T1BTd9
TLSH: C3233B003BE9812BF2BF5F789DF25145867EF5633603E54E1C84029B5623FC59A826FA

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
  .text
  .rsrc
  .reloc
Resources
  RT_VERSION
    ID:0001
      ID:0
  RT_MANIFEST
    ID:0001
      ID:0
Malware Configuration - AsyncRAT config.
Key (AES_256): VkNDS0pzdmd6RElxZGhvSmZzTld5NWV6SUtTSTJuYXY=
Pastebin: -

Certificate: (base64 certificate blob omitted)
ServerSignature: (base64 signature blob omitted)

Install: true
BDOS: false
Anti-VM: false
Install File: VSDCCitadelNetwork.exe
Install-Folder: %AppData%
Hosts: www.ubdofr.sa.com,ubdofr.sa.com,biglobe-auth.jp.net,www.biglobe-auth.jp.net,www.vlxx.net
Ports: 80,443,4444,4782,5555,6060,6606,6666,7707,8080,8808,8848
Mutex: VSDC_CitadelNetwork_VanguardLock_3i4j5k6l
Version: 0.5.8
Delay: 3
Group: AtlasGlobal_Command_2039

Information
Info: PE Detect: PeReader OK (file layout)
Module Name: VSDCCitadelNetwork.exe
Full Name: VSDCCitadelNetwork.exe
EntryPoint: System.Void Client.Program::Main()
Scope Name: VSDCCitadelNetwork.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: VSDCCitadelNetwork
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0,Profile=Client
Total Strings: 120
Main Method: System.Void Client.Program::Main()
Main IL Instruction Count: 51
Main IL (one instruction per line; a branch operand is printed as its target label followed by the target instruction's opcode):
  ldc.i4.0 <null>
  stloc.0 <null>
  br IL_0015: ldloc.0
  ldc.i4 1000
  call System.Void System.Threading.Thread::Sleep(System.Int32)
  ldloc.0 <null>
  ldc.i4.1 <null>
  add <null>
  stloc.0 <null>
  ldloc.0 <null>
  ldsfld System.String Client.Settings::Delay
  call System.Int32 System.Convert::ToInt32(System.String)
  blt.s IL_0007: ldc.i4 1000
  call System.Boolean Client.Settings::InitializeSettings()
  brtrue IL_0032: nop
  ldc.i4.0 <null>
  call System.Void System.Environment::Exit(System.Int32)
  nop <null>
  call System.Boolean Client.Helper.MutexControl::CreateMutex()
  brtrue IL_0043: ldsfld System.String Client.Settings::Anti
  ldc.i4.0 <null>
  call System.Void System.Environment::Exit(System.Int32)
  ldsfld System.String Client.Settings::Anti
  call System.Boolean System.Convert::ToBoolean(System.String)
  brfalse IL_0057: ldsfld System.String Client.Settings::Install
  call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis()
  ldsfld System.String Client.Settings::Install
  call System.Boolean System.Convert::ToBoolean(System.String)
  brfalse IL_006B: ldsfld System.String Client.Settings::BDOS
  call System.Void Client.Install.NormalStartup::Install()
  ldsfld System.String Client.Settings::BDOS
  call System.Boolean System.Convert::ToBoolean(System.String)
  brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep()
  call System.Boolean Client.Helper.Methods::IsAdmin()
  brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep()
  call System.Void Client.Helper.ProcessCritical::Set()
  call System.Void Client.Helper.Methods::PreventSleep()
  leave IL_0099: nop
  pop <null>
  leave IL_0099: nop
  nop <null>
  call System.Boolean Client.Connection.ClientSocket::get_IsConnected()
  brtrue IL_00AE: leave IL_00B9
  call System.Void Client.Connection.ClientSocket::Reconnect()
  call System.Void Client.Connection.ClientSocket::InitializeClient()
  leave IL_00B9: ldc.i4 5000
  pop <null>
  leave IL_00B9: ldc.i4 5000
  ldc.i4 5000
  call System.Void System.Threading.Thread::Sleep(System.Int32)
  br.s IL_0099: nop

Artefacts
Key (AES_256): VkNDS0pzdmd6RElxZGhvSmZzTld5NWV6SUtTSTJuYXY=
CnC: www.ubdofr.sa.com
CnC: ubdofr.sa.com
CnC: biglobe-auth.jp.net
CnC: www.biglobe-auth.jp.net
CnC: www.vlxx.net
Ports: 80, 443, 4444, 4782, 5555, 6060, 6606, 6666, 7707, 8080, 8808, 8848
Mutex: VSDC_CitadelNetwork_VanguardLock_3i4j5k6l
