59fdc2996d9b173b825a7360e80a1357

PE Executable
|
MD5: 59fdc2996d9b173b825a7360e80a1357
|
Size: 376.84 KB
|
application/x-dosexec

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	59fdc2996d9b173b825a7360e80a1357
Sha1	6cb86a42a606d1fdd6ee4795ff472dceb7cb7cf6
Sha256	b658fb710c13a94b3f36ce861c7d027dfd39f3eab6f3cc03bd939b6ca2203776
Sha384	efaf6c78109260d91b47deaab51aa7ba0f7dac6ad117901b656514d6aeee9bf903ca2273994b891ac59d324927fb1805
Sha512	424c1bfbb28db516e66d44a1c39be6987fe8e6a5a3f9cdb26f417cf923547097119d378985eb0572b7a97dd417faecac1ab374d140011808a01bc2fd8c73fc52
SSDeep	6144:J46bPXhLApfpph/epqYS3dFbw+/WgpLEVE3Alaha:2mhApRGpqYSNhpLEqwlaha
TLSH	92847B2377A8D93BD6FE173AF03606154BB1D607BA16E38B6A5C55B82C133868D413B3

PeID

Microsoft Visual C# / Basic .NET

File Structure

Malware Configuration - QuasarRAT config.

Config. Field0	Value
Conf. AES-Salt	BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Conf. AES-Key	9yQgPcUvAzbvk9mCXWEW
Version	1.3.0.0
Port	alexisfargo425.m
Host	alexisfargo425.m
ReconnectDelay	3000
Key	1WvgEMPjdwfqIMeM9MclyQ==
AuthKey	NcFtjbDOcsw7Evd3coMC0y4koy/SRZGydhNmno81ZOWOvdfg7sv0Cj5ad2ROUfX4QMscAIjYJdjrrs41+qcQwg==
SubDirectory	SubDir
InstallName	Client.exe
Install	0
Startup	1
Mutex	QSR_MUTEX_fYepET
StartupKey	Client Startup
HideFile	0
EnableLogger	1
Tag	rec
LogDirectory	Logs
HideLogDirectory	0
HideLogSubdirectory	0

Informations

Name0	Value
Info	PE Detect: PeReader FAIL, AsmResolver Mapped OK
Info	Remap: Mapped -> FileLayout (RAM only) as [Rebuild from dump]_0da4d888.exe
Module Name	Client.exe
Full Name	Client.exe
EntryPoint	System.Void ⇮幸肣�⻅ထ꿷䏢ሺ뙣䜞琢均擫ﻅ❇맡::Main(System.String[])
Scope Name	Client.exe
Scope Type	ModuleDef
Kind	Windows
Runtime Version	v4.0.30319
Tables Header Version	512
WinMD Version	<null>
Assembly Name	Client
Assembly Version	1.3.0.0
Assembly Culture	<null>
Has PublicKey	False
PublicKey Token	<null>
Target Framework	.NETFramework,Version=v4.0,Profile=Client
Total Strings	896
Main Method	System.Void ⇮幸肣�⻅ထ꿷䏢ሺ뙣䜞琢均擫ﻅ❇맡::Main(System.String[])
Main IL Instruction Count	19
Main IL	call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void ⇮幸肣�⻅ထ꿷䏢ሺ뙣䜞琢均擫ﻅ❇맡::䩞幓⩻邘哈쨥蚛ꎐ쓝䊃蓌굪謬琺逋⯝峞쓏(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Boolean 놾奩層ꘜ爐덲脎ᙧ鍜Ჿ湕퍕ˣڝ輑�櫺ɰ::햭ᄚ麥䊛㫨ࠍﹴ鋃㏠뤆晬䒵᭠ᵒꦤ௜ዮㅒ() brfalse.s IL_0040: call System.Void ⇮幸肣�⻅ထ꿷䏢ሺ뙣䜞琢均擫ﻅ❇맡::嚃몆琐䴦胩啴鳙꣛﵊娬Ƭ✑寝ꮖ뭽㓕Ⴤ() call System.Boolean ⇮幸肣�⻅ထ꿷䏢ሺ뙣䜞琢均擫ﻅ❇맡::蹙꒳蔗独鍆핝㵺ဪ⣰ꬫ丷黬ፑ�寥睞⚉() brfalse.s IL_0040: call System.Void ⇮幸肣�⻅ထ꿷䏢ሺ뙣䜞琢均擫ﻅ❇맡::嚃몆琐䴦胩啴鳙꣛﵊娬Ƭ✑寝ꮖ뭽㓕Ⴤ() call System.Boolean 햙훉ㄑ뷬૎룕釆軫꾆셜㵳∻뵎૴蘀췦悴唡咾ꆭ::get_Exiting() brtrue.s IL_0040: call System.Void ⇮幸肣�⻅ထ꿷䏢ሺ뙣䜞琢均擫ﻅ❇맡::嚃몆琐䴦胩啴鳙꣛﵊娬Ƭ✑寝ꮖ뭽㓕Ⴤ() ldsfld 햙훉ㄑ뷬૎룕釆軫꾆셜㵳∻뵎૴蘀췦悴唡咾ꆭ ⇮幸肣�⻅ထ꿷䏢ሺ뙣䜞琢均擫ﻅ❇맡::慞낞䫲釕谎赕㕆쯵勧늍렘ŧ蜤謃䂵헙и釈 callvirt System.Void 햙훉ㄑ뷬૎룕釆軫꾆셜㵳∻뵎૴蘀췦悴唡咾ꆭ::䇇༎했폓沆悽〙㮊詇顣꿚呇薐ᒹ⡹墪䤒븇㰭() call System.Void ⇮幸肣�⻅ထ꿷䏢ሺ뙣䜞琢均擫ﻅ❇맡::嚃몆琐䴦胩啴鳙꣛﵊娬Ƭ✑寝ꮖ뭽㓕Ⴤ() call System.Void ⇮幸肣�⻅ထ꿷䏢ሺ뙣䜞琢均擫ﻅ❇맡::�몓킐皔㒀핂砺푿識ு쐡㿘鈒㐿踔㿾મ➠() ret <null>
Module Name	Client.exe
Full Name	Client.exe
EntryPoint	System.Void ⇮幸肣�⻅ထ꿷䏢ሺ뙣䜞琢均擫ﻅ❇맡::Main(System.String[])
Scope Name	Client.exe
Scope Type	ModuleDef
Kind	Windows
Runtime Version	v4.0.30319
Tables Header Version	512
WinMD Version	<null>
Assembly Name	Client
Assembly Version	1.3.0.0
Assembly Culture	<null>
Has PublicKey	False
PublicKey Token	<null>
Target Framework	.NETFramework,Version=v4.0,Profile=Client
Total Strings	896
Main Method	System.Void ⇮幸肣�⻅ထ꿷䏢ሺ뙣䜞琢均擫ﻅ❇맡::Main(System.String[])
Main IL Instruction Count	19
Main IL	call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void ⇮幸肣�⻅ထ꿷䏢ሺ뙣䜞琢均擫ﻅ❇맡::䩞幓⩻邘哈쨥蚛ꎐ쓝䊃蓌굪謬琺逋⯝峞쓏(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Boolean 놾奩層ꘜ爐덲脎ᙧ鍜Ჿ湕퍕ˣڝ輑�櫺ɰ::햭ᄚ麥䊛㫨ࠍﹴ鋃㏠뤆晬䒵᭠ᵒꦤ௜ዮㅒ() brfalse.s IL_0040: call System.Void ⇮幸肣�⻅ထ꿷䏢ሺ뙣䜞琢均擫ﻅ❇맡::嚃몆琐䴦胩啴鳙꣛﵊娬Ƭ✑寝ꮖ뭽㓕Ⴤ() call System.Boolean ⇮幸肣�⻅ထ꿷䏢ሺ뙣䜞琢均擫ﻅ❇맡::蹙꒳蔗独鍆핝㵺ဪ⣰ꬫ丷黬ፑ�寥睞⚉() brfalse.s IL_0040: call System.Void ⇮幸肣�⻅ထ꿷䏢ሺ뙣䜞琢均擫ﻅ❇맡::嚃몆琐䴦胩啴鳙꣛﵊娬Ƭ✑寝ꮖ뭽㓕Ⴤ() call System.Boolean 햙훉ㄑ뷬૎룕釆軫꾆셜㵳∻뵎૴蘀췦悴唡咾ꆭ::get_Exiting() brtrue.s IL_0040: call System.Void ⇮幸肣�⻅ထ꿷䏢ሺ뙣䜞琢均擫ﻅ❇맡::嚃몆琐䴦胩啴鳙꣛﵊娬Ƭ✑寝ꮖ뭽㓕Ⴤ() ldsfld 햙훉ㄑ뷬૎룕釆軫꾆셜㵳∻뵎૴蘀췦悴唡咾ꆭ ⇮幸肣�⻅ထ꿷䏢ሺ뙣䜞琢均擫ﻅ❇맡::慞낞䫲釕谎赕㕆쯵勧늍렘ŧ蜤謃䂵헙и釈 callvirt System.Void 햙훉ㄑ뷬૎룕釆軫꾆셜㵳∻뵎૴蘀췦悴唡咾ꆭ::䇇༎했폓沆悽〙㮊詇顣꿚呇薐ᒹ⡹墪䤒븇㰭() call System.Void ⇮幸肣�⻅ထ꿷䏢ሺ뙣䜞琢均擫ﻅ❇맡::嚃몆琐䴦胩啴鳙꣛﵊娬Ƭ✑寝ꮖ뭽㓕Ⴤ() call System.Void ⇮幸肣�⻅ထ꿷䏢ሺ뙣䜞琢均擫ﻅ❇맡::�몓킐皔㒀핂砺푿識ு쐡㿘鈒㐿踔㿾મ➠() ret <null>

Artefacts

Name0	Value
CnC	alexisfargo425.m
Port	alexisfargo425.m
PE Layout	MemoryMapped (process dump suspected)
CnC	alexisfargo425.m
Port	alexisfargo425.m
PE Layout	MemoryMapped (process dump suspected)

59fdc2996d9b173b825a7360e80a1357 (376.84 KB)