37530a5f60a84ed57746a93b153f0618

PE Executable
|
MD5: 37530a5f60a84ed57746a93b153f0618
|
Size: 356.35 KB
|
application/x-dosexec

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	37530a5f60a84ed57746a93b153f0618
Sha1	e5506d09512d66e2e633defe67d3a15cdf5c3785
Sha256	5b8b78b57e4a59162989c4c12e5f1dac3f6679961b393a9b3fc3598879b1a4c7
Sha384	bba3f818550cf63c627bb3ddd7ef042edfc359e1f73582cb5e2abf62becd5116017203fda1fc154c1bbaa0045f23871c
Sha512	6a107a1be64b3ee6689e3fd63d21edcefc1063041b8746c2c8a1fbc6dbc9ebd45fcfc071109e9f2269747729896b12f4a9c7ba6cf87166608914b7f54a02cb0f
SSDeep	6144:oZNHXf500Md6Nx7IDmMZabBrQPbQany8KMKVlYmIkG:sd50HOxEpZljQ9tMilYmvG
TLSH	75749D1373A8E93BD1FD173AF43606194BB1D553BB12E38B9A5A54B82D133868D903B3

PeID

.NET executable

Microsoft Visual C# / Basic .NET

Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL

Microsoft Visual C# v7.0 / Basic .NET

Microsoft Visual Studio .NET

File Structure

Malware Configuration - QuasarRAT config.

Config. Field0	Value
Conf. AES-Salt	BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Conf. AES-Key	wdebSSoA9soqqZIz9fX7
Version	1.3.0.0
Port	13
Host	tickets-somewhat.gl.at.ply.gg
ReconnectDelay	2
Key	cWW4/S7xJcFMVb7lmdi3cQ==
AuthKey	kQVGglYGB8TjKZO2Nc0eSx973GUWXkQv95dF/EZO7sn52IUrvhM8wIBlIoh6QpH1cIrec288+5Z5ad6GfFFf1Q==
SubDirectory	SubDir
InstallName	svchost.exe
Install	1
Startup	1
Mutex	QSR_MUTEX_n0f6at
StartupKey	update
HideFile	0
EnableLogger	0
Tag	Office04
LogDirectory	Logs
HideLogDirectory	0
HideLogSubdirectory	0

Informations

Name0	Value
Info	PE Detect: PeReader OK (file layout)
Module Name	Client.exe
Full Name	Client.exe
EntryPoint	System.Void Ꞁ䒨Ꜵ﫥煢뾐��鶚湨凝�蹰媤媂囝ᒎ໬許::Main(System.String[])
Scope Name	Client.exe
Scope Type	ModuleDef
Kind	Windows
Runtime Version	v4.0.30319
Tables Header Version	512
WinMD Version	<null>
Assembly Name	Client
Assembly Version	1.3.0.0
Assembly Culture	<null>
Has PublicKey	False
PublicKey Token	<null>
Target Framework	.NETFramework,Version=v4.0,Profile=Client
Total Strings	896
Main Method	System.Void Ꞁ䒨Ꜵ﫥煢뾐��鶚湨凝�蹰媤媂囝ᒎ໬許::Main(System.String[])
Main IL Instruction Count	19
Main IL	call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void Ꞁ䒨Ꜵ﫥煢뾐��鶚湨凝�蹰媤媂囝ᒎ໬許::퀴ꔟ뛭㫫ꪻ⹖ꉰ﷕�꼗늅玊ꞗ㜞뫓煛弝쓮칄(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Boolean ﭟ鷯ꔋ笆糨䂖펟洨ᮏ䌧賸괶䓁옴뛄芼䗖::ᕘ掤䁩쬐疇鸻댋⼠誗䒜๶폺ℬ䟧⋧쏛() brfalse.s IL_0040: call System.Void Ꞁ䒨Ꜵ﫥煢뾐��鶚湨凝�蹰媤媂囝ᒎ໬許::왺�曓ᢖ鵽噾駼伙釀ፂ笷՗鵿ꬷꈻ샭ꁱ㷃謁() call System.Boolean Ꞁ䒨Ꜵ﫥煢뾐��鶚湨凝�蹰媤媂囝ᒎ໬許::┌ﰙ輁䘎쟝鎰ᠴ軱㷓硵┍˗Ų邝甾剢鷀嚔톑() brfalse.s IL_0040: call System.Void Ꞁ䒨Ꜵ﫥煢뾐��鶚湨凝�蹰媤媂囝ᒎ໬許::왺�曓ᢖ鵽噾駼伙釀ፂ笷՗鵿ꬷꈻ샭ꁱ㷃謁() call System.Boolean 逎⪦途丑₀뜎룒။抴诽伩㕒맓⒊⎣毥ޛ壡䔒::get_Exiting() brtrue.s IL_0040: call System.Void Ꞁ䒨Ꜵ﫥煢뾐��鶚湨凝�蹰媤媂囝ᒎ໬許::왺�曓ᢖ鵽噾駼伙釀ፂ笷՗鵿ꬷꈻ샭ꁱ㷃謁() ldsfld 逎⪦途丑₀뜎룒။抴诽伩㕒맓⒊⎣毥ޛ壡䔒 Ꞁ䒨Ꜵ﫥煢뾐��鶚湨凝�蹰媤媂囝ᒎ໬許::坡 륱瀋䍡֣�ở葰酜큡썴鈻ဣ㭋ሙ callvirt System.Void 逎⪦途丑₀뜎룒။抴诽伩㕒맓⒊⎣毥ޛ壡䔒::쉬㌾ﳣ枨Ṩ鄠䤩䝹몬༅ꆼ邨﨟鸁ǌﳶ⏲⼑㗠() call System.Void Ꞁ䒨Ꜵ﫥煢뾐��鶚湨凝�蹰媤媂囝ᒎ໬許::왺�曓ᢖ鵽噾駼伙釀ፂ笷՗鵿ꬷꈻ샭ꁱ㷃謁() call System.Void Ꞁ䒨Ꜵ﫥煢뾐��鶚湨凝�蹰媤媂囝ᒎ໬許::㕎賔曹瑭쩥瘄案׼㨘㫔ꌄ쑁㪋㦽꧐糆䟯䏦() ret <null>
Module Name	Client.exe
Full Name	Client.exe
EntryPoint	System.Void Ꞁ䒨Ꜵ﫥煢뾐��鶚湨凝�蹰媤媂囝ᒎ໬許::Main(System.String[])
Scope Name	Client.exe
Scope Type	ModuleDef
Kind	Windows
Runtime Version	v4.0.30319
Tables Header Version	512
WinMD Version	<null>
Assembly Name	Client
Assembly Version	1.3.0.0
Assembly Culture	<null>
Has PublicKey	False
PublicKey Token	<null>
Target Framework	.NETFramework,Version=v4.0,Profile=Client
Total Strings	896
Main Method	System.Void Ꞁ䒨Ꜵ﫥煢뾐��鶚湨凝�蹰媤媂囝ᒎ໬許::Main(System.String[])
Main IL Instruction Count	19
Main IL	call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void Ꞁ䒨Ꜵ﫥煢뾐��鶚湨凝�蹰媤媂囝ᒎ໬許::퀴ꔟ뛭㫫ꪻ⹖ꉰ﷕�꼗늅玊ꞗ㜞뫓煛弝쓮칄(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Boolean ﭟ鷯ꔋ笆糨䂖펟洨ᮏ䌧賸괶䓁옴뛄芼䗖::ᕘ掤䁩쬐疇鸻댋⼠誗䒜๶폺ℬ䟧⋧쏛() brfalse.s IL_0040: call System.Void Ꞁ䒨Ꜵ﫥煢뾐��鶚湨凝�蹰媤媂囝ᒎ໬許::왺�曓ᢖ鵽噾駼伙釀ፂ笷՗鵿ꬷꈻ샭ꁱ㷃謁() call System.Boolean Ꞁ䒨Ꜵ﫥煢뾐��鶚湨凝�蹰媤媂囝ᒎ໬許::┌ﰙ輁䘎쟝鎰ᠴ軱㷓硵┍˗Ų邝甾剢鷀嚔톑() brfalse.s IL_0040: call System.Void Ꞁ䒨Ꜵ﫥煢뾐��鶚湨凝�蹰媤媂囝ᒎ໬許::왺�曓ᢖ鵽噾駼伙釀ፂ笷՗鵿ꬷꈻ샭ꁱ㷃謁() call System.Boolean 逎⪦途丑₀뜎룒။抴诽伩㕒맓⒊⎣毥ޛ壡䔒::get_Exiting() brtrue.s IL_0040: call System.Void Ꞁ䒨Ꜵ﫥煢뾐��鶚湨凝�蹰媤媂囝ᒎ໬許::왺�曓ᢖ鵽噾駼伙釀ፂ笷՗鵿ꬷꈻ샭ꁱ㷃謁() ldsfld 逎⪦途丑₀뜎룒။抴诽伩㕒맓⒊⎣毥ޛ壡䔒 Ꞁ䒨Ꜵ﫥煢뾐��鶚湨凝�蹰媤媂囝ᒎ໬許::坡 륱瀋䍡֣�ở葰酜큡썴鈻ဣ㭋ሙ callvirt System.Void 逎⪦途丑₀뜎룒။抴诽伩㕒맓⒊⎣毥ޛ壡䔒::쉬㌾ﳣ枨Ṩ鄠䤩䝹몬༅ꆼ邨﨟鸁ǌﳶ⏲⼑㗠() call System.Void Ꞁ䒨Ꜵ﫥煢뾐��鶚湨凝�蹰媤媂囝ᒎ໬許::왺�曓ᢖ鵽噾駼伙釀ፂ笷՗鵿ꬷꈻ샭ꁱ㷃謁() call System.Void Ꞁ䒨Ꜵ﫥煢뾐��鶚湨凝�蹰媤媂囝ᒎ໬許::㕎賔曹瑭쩥瘄案׼㨘㫔ꌄ쑁㪋㦽꧐糆䟯䏦() ret <null>

Artefacts

Name0	Value
CnC	tickets-somewhat.gl.at.ply.gg
Port	13

37530a5f60a84ed57746a93b153f0618 (356.35 KB)

37530a5f60a84ed57746a93b153f0618

PE Executable | MD5: 37530a5f60a84ed57746a93b153f0618 | Size: 356.35 KB | application/x-dosexec

PE Executable
|
MD5: 37530a5f60a84ed57746a93b153f0618
|
Size: 356.35 KB
|
application/x-dosexec