Malicious

2872e662801005a47659a9518f64236c

PE Executable | MD5: 2872e662801005a47659a9518f64236c | Size: 356.35 KB | application/x-dosexec


Characteristics

Symbol Obfuscation Score: Medium

Hashes

MD5: 2872e662801005a47659a9518f64236c
SHA1: 1a8077b921a6048d9b7c8c136f86121f4cb999ad
SHA256: 5fa2b496df919231385927be00a94d6d0aa9b653c31f7720840630c6bd3c0931
SHA384: 829ee95b5b88a736b10ab09310b2d8ee06cedf5d0de05d5c686217a5dcda1cce241606723d45294fe2f24b128d6a961e
SHA512: 05d20164c4a253204e78cf5dcd9e78135fdf1b7e6b138f587276b934629166c65c92e58edaec2b1944456fd05bf524edecf39af626b4a1e8d8fa3daede0bcf31
SSDeep: 6144:V+NHXf500Mr3rUO84+bBbpMMm7j6SyaGyIbK:Md501roDWF+wG/bK
TLSH: 97748D2373A8E93FD5BD2B3AE43206154BB1D4477B16E38B5A5855B82D133874E903B3

PeID

.NET executable
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual Studio .NET
File Structure

DosHeader
PE Header
Optional Header (x86)
Section Headers
  .text
  .rsrc
  .reloc
Resources
  RT_VERSION
    ID:0001
      ID:0
  RT_MANIFEST
    ID:0001
      ID:0
.Net Resources
  xClient.Properties.Resources.resources
    information
    [NBF]root.Data
    [NBF]root.Data-preview.png
Malware Configuration - QuasarRAT config.

Conf. AES-Salt: BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Conf. AES-Key: zWf9gmWcr62GNVpLcPCc
Version: 1.3.0.0
Port: 44
Host: 192.168.1.102
ReconnectDelay: 3000
Key: 1WvgEMPjdwfqIMeM9MclyQ==
AuthKey: NcFtjbDOcsw7Evd3coMC0y4koy/SRZGydhNmno81ZOWOvdfg7sv0Cj5ad2ROUfX4QMscAIjYJdjrrs41+qcQwg==
SubDirectory: SubDir
InstallName: Client.exe
Install: 1
Startup: 0
Mutex: QSR_MUTEX_dUNpOH
StartupKey: Quasar Client St
HideFile: 0
EnableLogger: 0
Tag: Office04
LogDirectory: Logs
HideLogDirectory: 0
HideLogSubdirectory: 0

Information
Info: PE Detect: PeReader OK (file layout)
Module Name: Client.exe
Full Name: Client.exe
EntryPoint: System.Void ϛ芴ἵ霼ࢻ驿尭䥊﹞⊕�븓૤ꡂ⿆::Main(System.String[])
Scope Name: Client.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Client
Assembly Version: 1.3.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0,Profile=Client
Total Strings: 896
Main Method: System.Void ϛ芴ἵ霼ࢻ驿尭䥊﹞⊕�븓૤ꡂ⿆::Main(System.String[])
Main IL Instruction Count: 19
Main IL (one instruction per line):
  call System.Void System.Windows.Forms.Application::EnableVisualStyles()
  ldc.i4.0 <null>
  call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean)
  call System.AppDomain System.AppDomain::get_CurrentDomain()
  ldnull <null>
  ldftn System.Void ϛ芴ἵ霼ࢻ驿尭䥊﹞⊕�븓૤ꡂ⿆::쪝㎰쵬벑⑨툐藆ݷ䑡ꊸ椲綉耣᪺ꫜ(System.Object,System.UnhandledExceptionEventArgs)
  newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr)
  callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler)
  call System.Boolean ⽱٘㯹磌晥ꙮ㰭鶹ⵀᷧ㨸㺚≫鴥鏙㇘윾::헱ൻ诖愑됴䦬暣Ѩ狏�樭懔᧼讼磦ᡷ玤ᆪ()
  brfalse.s IL_0040: call System.Void ϛ芴ἵ霼ࢻ驿尭䥊﹞⊕�븓૤ꡂ⿆::驥窦⏷��釠烐䠬l纝李䣪ዮ㵱婠챡耩Ⱃ淆貊()
  call System.Boolean ϛ芴ἵ霼ࢻ驿尭䥊﹞⊕�븓૤ꡂ⿆::衽è롼腲戦与鱣ݫﵯ솑龩㲋멀訕̙ᇱ㖱底ˁ()
  brfalse.s IL_0040: call System.Void ϛ芴ἵ霼ࢻ驿尭䥊﹞⊕�븓૤ꡂ⿆::驥窦⏷��釠烐䠬l纝李䣪ዮ㵱婠챡耩Ⱃ淆貊()
  call System.Boolean 䐼ᘡᾏऩ雛䳹Ɨ䘀揉㳀鶌뷎퍜沠⠄┱㲋ೝ::get_Exiting()
  brtrue.s IL_0040: call System.Void ϛ芴ἵ霼ࢻ驿尭䥊﹞⊕�븓૤ꡂ⿆::驥窦⏷��釠烐䠬l纝李䣪ዮ㵱婠챡耩Ⱃ淆貊()
  ldsfld 䐼ᘡᾏऩ雛䳹Ɨ䘀揉㳀鶌뷎퍜沠⠄┱㲋ೝ ϛ芴ἵ霼ࢻ驿尭䥊﹞⊕�븓૤ꡂ⿆::䃈鸞Ƚ蒞旚Ἓ㌅ᓬ楯魢萖᠄߼Ꭷ࿡᫞튫눪
  callvirt System.Void 䐼ᘡᾏऩ雛䳹Ɨ䘀揉㳀鶌뷎퍜沠⠄┱㲋ೝ::鸑அ㮡騟Ნ貾ꗄ퉝罬焲लꎏ똻ﰏ뿧�ԉ᠌()
  call System.Void ϛ芴ἵ霼ࢻ驿尭䥊﹞⊕�븓૤ꡂ⿆::驥窦⏷��釠烐䠬l纝李䣪ዮ㵱婠챡耩Ⱃ淆貊()
  call System.Void ϛ芴ἵ霼ࢻ驿尭䥊﹞⊕�븓૤ꡂ⿆::솋᧿껾ⴍꭳ꠼願ᵠʊ迦䎖睬﷉臁ꚪᢿ鉲ᘮ()
  ret <null>

Artefacts

CnC: 192.168.1.102
Port: 44
