5e6a37ab09494031ecd0b8cd04ca886e

PE Executable
|
MD5: 5e6a37ab09494031ecd0b8cd04ca886e
|
Size: 376.84 KB
|
application/x-dosexec

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	5e6a37ab09494031ecd0b8cd04ca886e
Sha1	80341117ddff57f2509929758405ec47c8d482b2
Sha256	87c2585f046cbe576e2932208b634750d3faacadd2cc17fc2df43b1b6fc06ef2
Sha384	45abeb84be977debdc307ce27351cf218b3e036529a9d73450c8694280b238bb55d8ddebdcb2e1801694831736fdebf8
Sha512	30a088801aee31d7e56152dc04b1fa891d9d45de97cba4dbdb55f8c5e55da3d58775721ca6442a058a0cecf7b8a351256193989999772676279bbfe0fccdc113
SSDeep	6144:L3+zrEsiN1Pzy1dBrq2UbRRF2aNVkpaoWlSt9/q0B:LxsiNo1VGf2OkpaZSH/FB
TLSH	4A848C1377A4D93BD1FD6B3AE43206154BB4D443BB16F38F9A5896B82D123868D903B3

PeID

.NET executable

Microsoft Visual C# / Basic .NET

Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL

Microsoft Visual C# v7.0 / Basic .NET

Microsoft Visual Studio .NET

File Structure

Malware Configuration - QuasarRAT config.

Config. Field0	Value
Conf. AES-Salt	BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Conf. AES-Key	ypZCvENatanvbnIPZCJQ
Conf. AES-Salt	BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port	win2325.webredire
Host	win2325.webredire
Conf. AES-Key	ypZCvENatanvbnIPZCJQ
Version	1.3.0.0
Port	5552
Host	windows10-11.ddnsfree.com
ReconnectDelay	2999
Key	oXCnUiPgBL0sy3Tlv+F8LQ==
AuthKey	h36LUNE6D6Y9hpohEF6YNS5bniF/Glgol+St+nwGv2QBfXWLmUsLx5aanXm2PRFz2aY54a//jMvBGR9l4hF9Vg==
SubDirectory	SubDir
InstallName	Client.exe
Install	0
Startup	0
Mutex	RSQ_XETUMMUTEX_lrUYmBHZdXBkMrvqt
StartupKey	Quasar Client St
HideFile	0
EnableLogger	1
Tag	TT
LogDirectory	Loganose
HideLogDirectory	0
HideLogSubdirectory	0

Informations

Name0	Value
Info	PE Detect: PeReader FAIL, AsmResolver Mapped OK
Info	Remap: Mapped -> FileLayout (RAM only) as [Rebuild from dump]_6aca710b.exe
Module Name	Client.exe
Full Name	Client.exe
EntryPoint	System.Void 帳셇咋玮갩즇馚撡팁馿묒μﰻ�ë뱮ᷗ::Main(System.String[])
Scope Name	Client.exe
Scope Type	ModuleDef
Kind	Windows
Runtime Version	v4.0.30319
Tables Header Version	512
WinMD Version	<null>
Assembly Name	Client
Assembly Version	1.3.0.0
Assembly Culture	<null>
Has PublicKey	False
PublicKey Token	<null>
Target Framework	.NETFramework,Version=v4.0,Profile=Client
Total Strings	896
Main Method	System.Void 帳셇咋玮갩즇馚撡팁馿묒μﰻ�ë뱮ᷗ::Main(System.String[])
Main IL Instruction Count	19
Main IL	call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void 帳셇咋玮갩즇馚撡팁馿묒μﰻ�ë뱮ᷗ::⓵먙ೈ膛鼆釳㴸惇㰸돿⓽⥴杕(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Boolean 陲䗗ຖ✧蘬擮牸웮첇썃㰖Ꮼ맦꥘杆瘪᫆큭草ถ::ꚉᚦ쩼ꄜ⻼ດඑ᳙䓒＿齓䱱ᩗ瀅垁ꏊ叐殁() brfalse.s IL_0040: call System.Void 帳셇咋玮갩즇馚撡팁馿묒μﰻ�ë뱮ᷗ::ﳍ통注㺠ូ篤鲽㸇埑⹮ီ콬풋橈ᤡ勚䄜ࡀ() call System.Boolean 帳셇咋玮갩즇馚撡팁馿묒μﰻ�ë뱮ᷗ::윌駇犾휮墲蚸㋨贞يཷ氂處ጆ䰷떒⺚ỿ慭懚() brfalse.s IL_0040: call System.Void 帳셇咋玮갩즇馚撡팁馿묒μﰻ�ë뱮ᷗ::ﳍ통注㺠ូ篤鲽㸇埑⹮ီ콬풋橈ᤡ勚䄜ࡀ() call System.Boolean 砖սꈪᲙﱄ酪퀹䲁罣곈棁�蹅ꂛ�鉍೟涮왴�::get_Exiting() brtrue.s IL_0040: call System.Void 帳셇咋玮갩즇馚撡팁馿묒μﰻ�ë뱮ᷗ::ﳍ통注㺠ូ篤鲽㸇埑⹮ီ콬풋橈ᤡ勚䄜ࡀ() ldsfld 砖սꈪᲙﱄ酪퀹䲁罣곈棁�蹅ꂛ�鉍೟涮왴� 帳셇咋玮갩즇馚撡팁馿묒μﰻ�ë뱮ᷗ::ﶋ䟴輬⁎ឯꪽ囆ࢿꍼ技╮ꪰ樎ሻ痦后鯌 callvirt System.Void 砖սꈪᲙﱄ酪퀹䲁罣곈棁�蹅ꂛ�鉍೟涮왴�::邨쫉啣瞴䒿㨍烒⣡샆ծ孢䕆担ˠ಄谗햑鱭() call System.Void 帳셇咋玮갩즇馚撡팁馿묒μﰻ�ë뱮ᷗ::ﳍ통注㺠ូ篤鲽㸇埑⹮ီ콬풋橈ᤡ勚䄜ࡀ() call System.Void 帳셇咋玮갩즇馚撡팁馿묒μﰻ�ë뱮ᷗ::紶䯯ᒮᔏ騱�旌⻩⟱洜狱ᬞ�첑䜒() ret <null>
Module Name	Client.exe
Full Name	Client.exe
EntryPoint	System.Void 帳셇咋玮갩즇馚撡팁馿묒μﰻ�ë뱮ᷗ::Main(System.String[])
Scope Name	Client.exe
Scope Type	ModuleDef
Kind	Windows
Runtime Version	v4.0.30319
Tables Header Version	512
WinMD Version	<null>
Assembly Name	Client
Assembly Version	1.3.0.0
Assembly Culture	<null>
Has PublicKey	False
PublicKey Token	<null>
Target Framework	.NETFramework,Version=v4.0,Profile=Client
Total Strings	896
Main Method	System.Void 帳셇咋玮갩즇馚撡팁馿묒μﰻ�ë뱮ᷗ::Main(System.String[])
Main IL Instruction Count	19
Main IL	call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void 帳셇咋玮갩즇馚撡팁馿묒μﰻ�ë뱮ᷗ::⓵먙ೈ膛鼆釳㴸惇㰸돿⓽⥴杕(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Boolean 陲䗗ຖ✧蘬擮牸웮첇썃㰖Ꮼ맦꥘杆瘪᫆큭草ถ::ꚉᚦ쩼ꄜ⻼ດඑ᳙䓒＿齓䱱ᩗ瀅垁ꏊ叐殁() brfalse.s IL_0040: call System.Void 帳셇咋玮갩즇馚撡팁馿묒μﰻ�ë뱮ᷗ::ﳍ통注㺠ូ篤鲽㸇埑⹮ီ콬풋橈ᤡ勚䄜ࡀ() call System.Boolean 帳셇咋玮갩즇馚撡팁馿묒μﰻ�ë뱮ᷗ::윌駇犾휮墲蚸㋨贞يཷ氂處ጆ䰷떒⺚ỿ慭懚() brfalse.s IL_0040: call System.Void 帳셇咋玮갩즇馚撡팁馿묒μﰻ�ë뱮ᷗ::ﳍ통注㺠ូ篤鲽㸇埑⹮ီ콬풋橈ᤡ勚䄜ࡀ() call System.Boolean 砖սꈪᲙﱄ酪퀹䲁罣곈棁�蹅ꂛ�鉍೟涮왴�::get_Exiting() brtrue.s IL_0040: call System.Void 帳셇咋玮갩즇馚撡팁馿묒μﰻ�ë뱮ᷗ::ﳍ통注㺠ូ篤鲽㸇埑⹮ီ콬풋橈ᤡ勚䄜ࡀ() ldsfld 砖սꈪᲙﱄ酪퀹䲁罣곈棁�蹅ꂛ�鉍೟涮왴� 帳셇咋玮갩즇馚撡팁馿묒μﰻ�ë뱮ᷗ::ﶋ䟴輬⁎ឯꪽ囆ࢿꍼ技╮ꪰ樎ሻ痦后鯌 callvirt System.Void 砖սꈪᲙﱄ酪퀹䲁罣곈棁�蹅ꂛ�鉍೟涮왴�::邨쫉啣瞴䒿㨍烒⣡샆ծ孢䕆担ˠ಄谗햑鱭() call System.Void 帳셇咋玮갩즇馚撡팁馿묒μﰻ�ë뱮ᷗ::ﳍ통注㺠ូ篤鲽㸇埑⹮ီ콬풋橈ᤡ勚䄜ࡀ() call System.Void 帳셇咋玮갩즇馚撡팁馿묒μﰻ�ë뱮ᷗ::紶䯯ᒮᔏ騱�旌⻩⟱洜狱ᬞ�첑䜒() ret <null>

Artefacts

Name0	Value
CnC	windows10-11.ddnsfree.com
Port	5552
CnC	win2325.webredire
Port	win2325.webredire
PE Layout	MemoryMapped (process dump suspected)
CnC	windows10-11.ddnsfree.com
Port	5552
CnC	win2325.webredire
Port	win2325.webredire
PE Layout	MemoryMapped (process dump suspected)

5e6a37ab09494031ecd0b8cd04ca886e (376.84 KB)

5e6a37ab09494031ecd0b8cd04ca886e

PE Executable | MD5: 5e6a37ab09494031ecd0b8cd04ca886e | Size: 376.84 KB | application/x-dosexec

PE Executable
|
MD5: 5e6a37ab09494031ecd0b8cd04ca886e
|
Size: 376.84 KB
|
application/x-dosexec