Malicious

eda231aeeaaa67506cc277d13e683854

PE Executable | MD5: eda231aeeaaa67506cc277d13e683854 | Size: 48.13 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Low

Hashes
MD5: eda231aeeaaa67506cc277d13e683854
SHA1: 2b092674f6b33d55c87ebc3c11d2e3b2499ceebc
SHA256: bf139e8d4cc73239afcbbac7591c0fd609d2ca358ff2c4aedf991ad08f1bbe12
SHA384: c1e25e0caeab93a3e7758cdd955c5211c6034c44c37dd9220c70dc6c04d475e783df167f684561ef3ce7b214dc1aca37
SHA512: 9726b1216efc699b5083575506edbbc922f608ae2122053d73f0df7f64a32649fdab9beee70b06e67b17c5371127d3d5665a613b12da75448e1766060a031b55
SSDeep: 768:so+QXMM5bJ44GnJ3DNk13wRCn1OCDyjb5gr3iId1KeOr1QMPwaClZB2tYcFmVc6K:so+QXMMR/AUVebWrSIXj61GPrBKmVcl
TLSH: 5D232D1037E9812BE27E5FB859F26241867BF2733603D94A3CC811DB5B13BC696426ED

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
  Resources
    RT_VERSION
      ID:0001
        ID:0
    RT_MANIFEST
      ID:0001
        ID:0
Malware Configuration - AsyncRAT config.
Key (AES_256): ektHMmQ0U3pzUkVheEFsS0ZCbXU1Mm40ZVA3Y0JFUG4=
Pastebin: -
Certificate

ServerSignature

Install: true
BDOS: false
Anti-VM: false
Install File: avera.exe
Install-Folder: %AppData%
Version: 0.5.6D
Hosts: ronymahmoud.casa
Ports: 6606,7707,8808
Mutex: uffamfwuuxehzjjo
Delay: 8
Group: Default

Information
Info: PE Detect: PeReader OK (file layout)
Module Name: AsyncClient.exe
Full Name: AsyncClient.exe
EntryPoint: System.Void Client.Program::Main()
Scope Name: AsyncClient.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: AsyncClient
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0,Profile=Client
Total Strings: 121
Main Method: System.Void Client.Program::Main()
Main IL Instruction Count: 50
Main IL (one instruction per line; branch operands are shown as the target offset followed by the instruction at that offset):

ldc.i4.0
stloc.0
br IL_0015: ldloc.0
ldc.i4 1000
call System.Void System.Threading.Thread::Sleep(System.Int32)
ldloc.0
ldc.i4.1
add
stloc.0
ldloc.0
ldsfld System.String Client.Settings::Delay
call System.Int32 System.Convert::ToInt32(System.String)
blt.s IL_0007: ldc.i4 1000
call System.Boolean Client.Settings::InitializeSettings()
brtrue IL_0032: nop
ldc.i4.0
call System.Void System.Environment::Exit(System.Int32)
nop
call System.Boolean Client.Helper.MutexControl::CreateMutex()
brtrue IL_0043: ldsfld System.String Client.Settings::Anti
ldc.i4.0
call System.Void System.Environment::Exit(System.Int32)
ldsfld System.String Client.Settings::Anti
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse IL_0057: ldsfld System.String Client.Settings::Install
call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis()
ldsfld System.String Client.Settings::Install
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse IL_006B: ldsfld System.String Client.Settings::BDOS
call System.Void Client.Install.NormalStartup::Install()
ldsfld System.String Client.Settings::BDOS
call System.Boolean System.Convert::ToBoolean(System.String)
brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep()
call System.Boolean Client.Helper.Methods::IsAdmin()
brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep()
call System.Void Client.Helper.ProcessCritical::Set()
call System.Void Client.Helper.Methods::PreventSleep()
leave IL_0099: call System.Boolean Client.Connection.ClientSocket::get_IsConnected()
pop
leave IL_0099: call System.Boolean Client.Connection.ClientSocket::get_IsConnected()
call System.Boolean Client.Connection.ClientSocket::get_IsConnected()
brtrue IL_00AD: newobj System.Void System.Random::.ctor()
call System.Void Client.Connection.ClientSocket::Reconnect()
call System.Void Client.Connection.ClientSocket::InitializeClient()
newobj System.Void System.Random::.ctor()
ldc.i4 2000
ldc.i4 5000
callvirt System.Int32 System.Random::Next(System.Int32,System.Int32)
call System.Void System.Threading.Thread::Sleep(System.Int32)
br.s IL_0099: call System.Boolean Client.Connection.ClientSocket::get_IsConnected()


Artefacts
Key (AES_256): ektHMmQ0U3pzUkVheEFsS0ZCbXU1Mm40ZVA3Y0JFUG4=
CnC: ronymahmoud.casa
Ports: 6606, 7707, 8808
Mutex: uffamfwuuxehzjjo
