Malicious

1caa0e600cdb335f39a22b33163b10c8
PE Executable | MD5: 1caa0e600cdb335f39a22b33163b10c8 | Size: 356.35 KB | application/x-dosexec

Characteristics
Symbol Obfuscation Score: Medium

Hashes
MD5: 1caa0e600cdb335f39a22b33163b10c8
SHA1: d93f9b61d5f555390017cc904298394be3cdfd30
SHA256: fe3864c1b75c040aa4dda2ee3602973b79792ce4e69fb847e1afbf3a8d0720b2
SHA384: 1c5161721ad6164155b2fb6888bf37a2aee6292494bacf0f2d7bfbd70529e2479e451854ce81af0b11a14b8bc955e4ef
SHA512: 2a95447e8cabe17d22c8bf6c4b3a8082b22f6a1ea72b3470f6b125d514dd98615c11c1c64fb336b98fdb56e9b16f8c54f0588d32a4d429748cf92bf3ef965df2
SSDeep: 6144:CU6bPXhLApfpgITWIGJSvbFyXL+BY079vrulMFo+O:3mhApVTWIGYhy7Kf79zulMPO
TLSH: 6F749C5377A4E93BD1FE1B36E43616158BB0D403BE1AE38B5A5845B93D133868E803B7

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
xClient.Properties.Resources.resources
information
[NBF]root.Data
[NBF]root.Data-preview.png
Malware Configuration - QuasarRAT config.
Conf. AES-Salt: BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Conf. AES-Key: 7VXTxtDc5xgM6dsspX8R
Version: 1.3.0.0
Port: windows10-11.duc
Host: windows10-11.duc
ReconnectDelay: 2999
Key: oXCnUiPgBL0sy3Tlv+F8LQ==
AuthKey: h36LUNE6D6Y9hpohEF6YNS5bniF/Glgol+St+nwGv2QBfXWLmUsLx5aanXm2PRFz2aY54a//jMvBGR9l4hF9Vg==
SubDirectory: up
InstallName: jstat.exe
Install: 0
Startup: 0
Mutex: QSR_MUTEX_ybz4Rj
StartupKey: update
HideFile: 1
EnableLogger: 1
Tag: NAN
LogDirectory: llogg
HideLogDirectory: 0
HideLogSubdirectory: 1

Information
Info: PE Detect: PeReader OK (file layout)
Module Name: Client.exe
Full Name: Client.exe
EntryPoint: System.Void ⸱侾䝻Ⴈ䮐隇〨ꌗౝ徿�䋔ꆋ䤆ꯊ証�ᢠ::Main(System.String[])
Scope Name: Client.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Client
Assembly Version: 1.3.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0,Profile=Client
Total Strings: 896
Main Method: System.Void ⸱侾䝻Ⴈ䮐隇〨ꌗౝ徿�䋔ꆋ䤆ꯊ証�ᢠ::Main(System.String[])
Main IL Instruction Count: 19
Main IL (one instruction per line; branch operands show the target instruction as rendered by the disassembler):
call System.Void System.Windows.Forms.Application::EnableVisualStyles()
ldc.i4.0
call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean)
call System.AppDomain System.AppDomain::get_CurrentDomain()
ldnull
ldftn System.Void ⸱侾䝻Ⴈ䮐隇〨ꌗౝ徿�䋔ꆋ䤆ꯊ証�ᢠ::Ꭸ鴎瓐明Ď襪低⍢阴딗꿮빢鐥娆ɑ瓤䊳�(System.Object,System.UnhandledExceptionEventArgs)
newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr)
callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler)
call System.Boolean 釺ᣛ珲サኮ蜩군쫡힧骄늧ꇂ鯴嘈䀨䉪챹�౏ࣈ::뙏转࢐R剟ꀘ퇀�Ꮂ佮돝訩螬柉䘕濏懄()
brfalse.s IL_0040 (target: call System.Void ⸱侾䝻Ⴈ䮐隇〨ꌗౝ徿�䋔ꆋ䤆ꯊ証�ᢠ::ﯝꓕ욜㉋徕㉍쳇쌪ϼ珥⡠葊虍�➙摆通Ⲻ())
call System.Boolean ⸱侾䝻Ⴈ䮐隇〨ꌗౝ徿�䋔ꆋ䤆ꯊ証�ᢠ::孳஝瘿꣟탞בֿﯬ溋堃櫓�릁䔣煡()
brfalse.s IL_0040 (target: call System.Void ⸱侾䝻Ⴈ䮐隇〨ꌗౝ徿�䋔ꆋ䤆ꯊ証�ᢠ::ﯝꓕ욜㉋徕㉍쳇쌪ϼ珥⡠葊虍�➙摆通Ⲻ())
call System.Boolean 핚ﰣ懭闟㝛ᷘ홮浮᢮礊逷䦅ꟲ残據଎::get_Exiting()
brtrue.s IL_0040 (target: call System.Void ⸱侾䝻Ⴈ䮐隇〨ꌗౝ徿�䋔ꆋ䤆ꯊ証�ᢠ::ﯝꓕ욜㉋徕㉍쳇쌪ϼ珥⡠葊虍�➙摆通Ⲻ())
ldsfld 핚ﰣ懭闟㝛ᷘ홮浮᢮礊逷䦅ꟲ残據଎ ⸱侾䝻Ⴈ䮐隇〨ꌗౝ徿�䋔ꆋ䤆ꯊ証�ᢠ::诂዆໚瞨剄풠Ꞅ褡黲뮺適铝ꫦᄗ洳델
callvirt System.Void 핚ﰣ懭闟㝛ᷘ홮浮᢮礊逷䦅ꟲ残據଎::緵ꤐ�ᯢၸ㠙跛烽䬎梔獐鎡ᓆ収簬삨䧝瞢()
call System.Void ⸱侾䝻Ⴈ䮐隇〨ꌗౝ徿�䋔ꆋ䤆ꯊ証�ᢠ::ﯝꓕ욜㉋徕㉍쳇쌪ϼ珥⡠葊虍�➙摆通Ⲻ()
call System.Void ⸱侾䝻Ⴈ䮐隇〨ꌗౝ徿�䋔ꆋ䤆ꯊ証�ᢠ::瑪䲢匘셨別ꊴ섑댛뷇㳮뻤Ꝋ䙵᧹⪢乽Ⱟ⮤()
ret

Artefacts
CnC: windows10-11.duc (Malicious; location: 1caa0e600cdb335f39a22b33163b10c8)
Port: windows10-11.duc (Malicious; location: 1caa0e600cdb335f39a22b33163b10c8)
