Malicious
Malicious

5f8321c55d3ffcf56105303b96299ce6

PE Executable
|
MD5: 5f8321c55d3ffcf56105303b96299ce6
|
Size: 3.28 MB
|
application/x-dosexec

Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Low

Hash
 Hash Value
MD5
5f8321c55d3ffcf56105303b96299ce6
Sha1
96d13c4a42644159a851ff7cd65dbda30a30c07b
Sha256
4c1cc0aa49edbc0a2cccd62d28a01cf22c22ab7b3aef79fbb3ef22f7536dd645
Sha384
f29a1d1c51850f0f0770196befdaec0e7426a3c9668908d41ba2e2354bb6efcf12ccfb4f6008666fe508f11cb3d0d56b
Sha512
2c155025e6b5a9c1428d56e5ebbd79b7a9b4bbb5f91d1011bb792ae9aaafc7f0df7f4ab2fd9e0fd82476a0f7f0f2a34aeeeed4179f2b80f93a20bb643d29cc0e
SSDeep
49152:VvYg62iAa8rBmPxl0XxlttPamaBV/662ugvJL1oGd2THHB72eh2NTw:Vvp62iAa8rBmPxl0XxvtPamaLaucY
TLSH
9FE55A143BF85E32E16BE6B2D5B0501663F1F82AF363EB1B6181677E1C93B405C416AB

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
5f8321c55d3ffcf56105303b96299ce6
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Quasar.Client.Properties.Resources.resources
ILRepack.List
Malware Configuration - QuasarRAT config.
Config. Field
 Value
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

443
Host

au88-top.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

443
Host

mqdfpy.sa.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

443
Host

vn-au88.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

443
Host

consultrade.uk.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

443
Host

au88kitty.com

Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

443
Host

uotahi.za.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

443
Host

erogen.ru.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

443
Host

au88-binb.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

443
Host

au88.it.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

443
Host

au88vietnam.pro
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

443
Host

testseriesbymadhavi.in.net
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

www.au88-top.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

www.mqdfpy.sa.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

www.vn-au88.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

www.consultrade.uk.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

www.au88kitty.com

Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

www.uotahi.za.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

www.erogen.ru.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

www.au88-binb.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

www.au88.it.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

www.au88vietnam.pro
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

www.testseriesbymadhavi.in.net
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

au88-top.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

mqdfpy.sa.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

vn-au88.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

consultrade.uk.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

au88kitty.com

Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

uotahi.za.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

erogen.ru.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

au88-binb.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

au88.it.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

au88vietnam.pro
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Version

1.4.1
Port

4782
Host

testseriesbymadhavi.in.net
ReconnectDelay

3000
SubDirectory

Anti
InstallName

WagerShieldAnti-Fraud.exe
Install

1
Startup

1
Mutex

05758875-7806-4ed6-a311-ef47ce260b82
StartupKey

WagerShield Anti-Fraud Client Startup
HideFile

1
EnableLogger

1
Tag

WagerShield_1
LogDirectory

Logs
ServerSignature

fwNDIQzJ+XBMN865bTRtXM7sEy5I5BxrmCaAilXYem03UqFwdPMpyAU162rA4bCIXhxMg09iWUS3+oOJRWe5zCXKAoRvwt2MkoZvOmw6S/2+Txy5zPTNzsVBvLoNxHboAKAJOhBo3NqMRYSqP9tC06ai2IK4Fw6y/DIFRoOteKoGHAhJD4u+dlWhSVV+QIgz8gXap0NsPjSDQtN2XF6VbZ+0AL9qRqDSjRxqUluhlusYg/8CdwJbaZa8zb4sFDMs8AmjFCiOSJJLa5ns5r9vVfAMZxg2ZLrvfwUr2l9RQ2WVav0qPbbRlFSwV11n5qH2k8kQoIWjc01RKhbKYwrAw/Sy9N1VmCdDwZAsjuwzvc2O/BTOiHbJ4ug1MKs0mkirRuQ8voBn0Az8eLxR6Zvdg8Ez4fczQO9uC51Ma0/vdQmaCxGBy6BXU6j4QHKaZZeGCDNot9844Gp0DrbsgPoE7IPSTgd8HXChB9pyTMrc6ai9s5iweIwS/s6ftNEerYBHbf9modwrYsS3OTcnwQQMUX58kXYrJX4kWw9ZRKl+vzAh9tzPSzD/Hekcyxu7QZdhEhC7k6MJD//4zlVfnl1yPVh/kEGI06M30XWEyou3poyjW8pT/DXaOhQnZ/Gp7FcA2g20mxl4I20GrW4KU2AFu7h8FKYXFC96vgbBSJdxV6s=
ServerCertificate

MIIE9DCCAtygAwIBAgIQALpmuy0cmWc/6HQ0xJDqVzANBgkqhkiG9w0BAQ0FADAbMRkwFwYDVQQDDBBRdWFzYXIgU2VydmVyIENBMCAXDTI2MDEyMjIxMzM1NVoYDzk5OTkxMjMxMjM1OTU5WjAbMRkwFwYDVQQDDBBRdWFzYXIgU2VydmVyIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsLG835ZmdPKrQdugxjx1lYawHh6aR86omvz937FIs34JbdruYOk4oKj05X9AjIJHJ66p0fN/mfMFg28ujhYwg+IC3HK8c8BexxqVU7/NwEv+CdBvPdqxK0oc4VSAs2N24fZ2ZNQ6x9snH1P0GL2IDcHG790wF79m37h/HiWUXzfSu/PDSyGWNpq6GeZKziRn/fAVH3iPXKqBqlHUo4YyRvany3WYadq83BfEw2CZqRSSbetEDCc0ApK2jMNVQA1BG7J7MbkWtKMritKxTqHI4hxhPlWew7qAMpKItgqsE2NnG0TWci1XNCCbQerHXAdI8/S4uBnvzvQlLxMyOc0Tx86XOizFl0zid1T6gnQJvKh2ZAbRl3wK8BrNY+LR7CT3RdV8wQyuSwTWJyn1uNY5S0rFu2kf6XLgqcsTZZ7WHcIhO0RiFjf7M/9ajY4QVviwns2jcTevI9QE/yKdLlLNkm4euO4wPGyHZUeapaQZY01STc8zgtKdSABcG0yXs8pp9VGWwBwHAYJymAPTQl2mFQX54Mc9HrUMYxebieKNtuHdovQwFMIKFYjpSwy6kZ/y9wys6xuKGkzI9VKVUMYT8DA1VzWtO7pV/r5A5SBj6NVvReHHVdeTymupzWMoQjFv4JmegrmR9xnhUEA5BJ99vTuRYdmn+hcCaMwjpDgSr3sCAwEAAaMyMDAwHQYDVR0OBBYEFCNoryvn36PO+JwOl8YZ3epR3koWMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADggIBAJpCnn1sjdgSDrkQELaGy6Eh98dtpevYHDU4UekvqPxXJw6BnYmdjDQ5Et5ZAIom9W9uv+WTar96dmcmj9ibTr69/SCZoenBMu8A3W0RkLzYXJuCa3QwkqksZmdID/A55A2t69Ve4IBlixlrRA4X9TLPS+yHFpM4zw7ihyw3xKUbzf/YQPffiwPQrCCWFLCnJP4Bhip6/gI2gTPRhZnIINk90DLPmF+y36/ABG9yaGo/iOxMYg9CbU5ZhN/XACzCSOVWx0478S1fS0TEF4yxuCYFVbhWpL4PvMFLw3P9tSSFsq2fUCaZmrlq3uV7pmWhVS7krxdPrKcvYQJQ/LWB2TbuuEPCeb/Z3gjQkUdabSs8G7HwFLSuNP0U6xsOfI13/zPMLVeBhECK3t7tRFSoWAULvAl+aTFkVR5j/cwFFg1DhJsP/UMPsK2zHsqMHxiP7D1ZAmRbUEAMMj+KxUnAFg2/Fn7Bj4vpwx5VmLpWeOE+UWq9cTFw+XpXo83wfT4b2zqU4LmWoshNnZNK4Qow3DNzX+AJkly0wlXB+nGtA6kqRn06IjtiaCEaxSTT4SZ3SnDE5Zpkzfdlu3VDfghai52rBbVaY2xP3tYEb91B1RCmDvG/jQQpYAnXYkrr94PmLdR9OxGjX/WpcdI1MMYaEwTnGQlEoMX3+zVwpH4gLOHX
HideLogDirectory

1
HideLogSubdirectory

1
UnattendedMod

0
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Client
Full Name

Client
EntryPoint

System.Void 鲿它檏幢첅Ƙ꺰酒�㍓큔ݧ낞ꫳ㹚帮ꆡ㬑죥::Main(System.String[])
Scope Name

Client
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Client
Assembly Version

1.4.1.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5.2
Total Strings

11123
Main Method

System.Void 鲿它檏幢첅Ƙ꺰酒�㍓큔ݧ낞ꫳ㹚帮ꆡ㬑죥::Main(System.String[])
Main IL Instruction Count

19
Main IL

ldc.i4 3072 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldc.i4.2 <null> call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode) ldnull <null> ldftn System.Void 鲿它檏幢첅Ƙ꺰酒�㍓큔ݧ낞ꫳ㹚帮ꆡ㬑죥::緀规찿謥伛㼰�⯧槥膪谔鴆꧰㳘〣濱缂ਠپ뷀(System.Object,System.Threading.ThreadExceptionEventArgs) newobj System.Void System.Threading.ThreadExceptionEventHandler::.ctor(System.Object,System.IntPtr) call System.Void System.Windows.Forms.Application::add_ThreadException(System.Threading.ThreadExceptionEventHandler) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void 鲿它檏幢첅Ƙ꺰酒�㍓큔ݧ낞ꫳ㹚帮ꆡ㬑죥::険㒟ᲰÃ굣꧕ജ䧨㻂꓎䟆ꥱ災豛뜆챺ౠ姺㥇(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void ℱ㕡Ꞌ砐医뗅﫸͔툂炳쉉鮚ᱜ穂Ɠ㈹럱::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Module Name

Client
Full Name

Client
EntryPoint

System.Void 鲿它檏幢첅Ƙ꺰酒�㍓큔ݧ낞ꫳ㹚帮ꆡ㬑죥::Main(System.String[])
Scope Name

Client
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Client
Assembly Version

1.4.1.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5.2
Total Strings

11123
Main Method

System.Void 鲿它檏幢첅Ƙ꺰酒�㍓큔ݧ낞ꫳ㹚帮ꆡ㬑죥::Main(System.String[])
Main IL Instruction Count

19
Main IL

ldc.i4 3072 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldc.i4.2 <null> call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode) ldnull <null> ldftn System.Void 鲿它檏幢첅Ƙ꺰酒�㍓큔ݧ낞ꫳ㹚帮ꆡ㬑죥::緀规찿謥伛㼰�⯧槥膪谔鴆꧰㳘〣濱缂ਠپ뷀(System.Object,System.Threading.ThreadExceptionEventArgs) newobj System.Void System.Threading.ThreadExceptionEventHandler::.ctor(System.Object,System.IntPtr) call System.Void System.Windows.Forms.Application::add_ThreadException(System.Threading.ThreadExceptionEventHandler) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void 鲿它檏幢첅Ƙ꺰酒�㍓큔ݧ낞ꫳ㹚帮ꆡ㬑죥::険㒟ᲰÃ굣꧕ജ䧨㻂꓎䟆ꥱ災豛뜆챺ౠ姺㥇(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void ℱ㕡Ꞌ砐医뗅﫸͔툂炳쉉鮚ᱜ穂Ɠ㈹럱::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Artefacts
Name
 Value
CnC

testseriesbymadhavi.in.net
Port

4782
CnC

au88vietnam.pro
CnC

au88.it.com
CnC

au88-binb.com
CnC

erogen.ru.com
CnC

uotahi.za.com
CnC

au88kitty.com

CnC

consultrade.uk.com
CnC

vn-au88.com
CnC

mqdfpy.sa.com
CnC

au88-top.com
CnC

www.testseriesbymadhavi.in.net
CnC

www.au88vietnam.pro
CnC

www.au88.it.com
CnC

www.au88-binb.com
CnC

www.erogen.ru.com
CnC

www.uotahi.za.com
CnC

www.au88kitty.com

CnC

www.consultrade.uk.com
CnC

www.vn-au88.com
CnC

www.mqdfpy.sa.com
CnC

www.au88-top.com
Port

443
5f8321c55d3ffcf56105303b96299ce6 (3.28 MB)
File Structure
5f8321c55d3ffcf56105303b96299ce6
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:0
ID:0-preview.png
RT_GROUP_CURSOR4
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Quasar.Client.Properties.Resources.resources
ILRepack.List
Characteristics
Malware Configuration - QuasarRAT config.
Config. Field
 Value
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

443
Host

au88-top.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

443
Host

mqdfpy.sa.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

443
Host

vn-au88.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

443
Host

consultrade.uk.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

443
Host

au88kitty.com

Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

443
Host

uotahi.za.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

443
Host

erogen.ru.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

443
Host

au88-binb.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

443
Host

au88.it.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

443
Host

au88vietnam.pro
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

443
Host

testseriesbymadhavi.in.net
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

www.au88-top.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

www.mqdfpy.sa.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

www.vn-au88.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

www.consultrade.uk.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

www.au88kitty.com

Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

www.uotahi.za.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

www.erogen.ru.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

www.au88-binb.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

www.au88.it.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

www.au88vietnam.pro
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

www.testseriesbymadhavi.in.net
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

au88-top.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

mqdfpy.sa.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

vn-au88.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

consultrade.uk.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

au88kitty.com

Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

uotahi.za.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

erogen.ru.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

au88-binb.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

au88.it.com
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Port

4782
Host

au88vietnam.pro
Conf. AES-Key

82F394B4927CC3A00727B49E79BD445CA70FCFB2
Version

1.4.1
Port

4782
Host

testseriesbymadhavi.in.net
ReconnectDelay

3000
SubDirectory

Anti
InstallName

WagerShieldAnti-Fraud.exe
Install

1
Startup

1
Mutex

05758875-7806-4ed6-a311-ef47ce260b82
StartupKey

WagerShield Anti-Fraud Client Startup
HideFile

1
EnableLogger

1
Tag

WagerShield_1
LogDirectory

Logs
ServerSignature

fwNDIQzJ+XBMN865bTRtXM7sEy5I5BxrmCaAilXYem03UqFwdPMpyAU162rA4bCIXhxMg09iWUS3+oOJRWe5zCXKAoRvwt2MkoZvOmw6S/2+Txy5zPTNzsVBvLoNxHboAKAJOhBo3NqMRYSqP9tC06ai2IK4Fw6y/DIFRoOteKoGHAhJD4u+dlWhSVV+QIgz8gXap0NsPjSDQtN2XF6VbZ+0AL9qRqDSjRxqUluhlusYg/8CdwJbaZa8zb4sFDMs8AmjFCiOSJJLa5ns5r9vVfAMZxg2ZLrvfwUr2l9RQ2WVav0qPbbRlFSwV11n5qH2k8kQoIWjc01RKhbKYwrAw/Sy9N1VmCdDwZAsjuwzvc2O/BTOiHbJ4ug1MKs0mkirRuQ8voBn0Az8eLxR6Zvdg8Ez4fczQO9uC51Ma0/vdQmaCxGBy6BXU6j4QHKaZZeGCDNot9844Gp0DrbsgPoE7IPSTgd8HXChB9pyTMrc6ai9s5iweIwS/s6ftNEerYBHbf9modwrYsS3OTcnwQQMUX58kXYrJX4kWw9ZRKl+vzAh9tzPSzD/Hekcyxu7QZdhEhC7k6MJD//4zlVfnl1yPVh/kEGI06M30XWEyou3poyjW8pT/DXaOhQnZ/Gp7FcA2g20mxl4I20GrW4KU2AFu7h8FKYXFC96vgbBSJdxV6s=
ServerCertificate

MIIE9DCCAtygAwIBAgIQALpmuy0cmWc/6HQ0xJDqVzANBgkqhkiG9w0BAQ0FADAbMRkwFwYDVQQDDBBRdWFzYXIgU2VydmVyIENBMCAXDTI2MDEyMjIxMzM1NVoYDzk5OTkxMjMxMjM1OTU5WjAbMRkwFwYDVQQDDBBRdWFzYXIgU2VydmVyIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsLG835ZmdPKrQdugxjx1lYawHh6aR86omvz937FIs34JbdruYOk4oKj05X9AjIJHJ66p0fN/mfMFg28ujhYwg+IC3HK8c8BexxqVU7/NwEv+CdBvPdqxK0oc4VSAs2N24fZ2ZNQ6x9snH1P0GL2IDcHG790wF79m37h/HiWUXzfSu/PDSyGWNpq6GeZKziRn/fAVH3iPXKqBqlHUo4YyRvany3WYadq83BfEw2CZqRSSbetEDCc0ApK2jMNVQA1BG7J7MbkWtKMritKxTqHI4hxhPlWew7qAMpKItgqsE2NnG0TWci1XNCCbQerHXAdI8/S4uBnvzvQlLxMyOc0Tx86XOizFl0zid1T6gnQJvKh2ZAbRl3wK8BrNY+LR7CT3RdV8wQyuSwTWJyn1uNY5S0rFu2kf6XLgqcsTZZ7WHcIhO0RiFjf7M/9ajY4QVviwns2jcTevI9QE/yKdLlLNkm4euO4wPGyHZUeapaQZY01STc8zgtKdSABcG0yXs8pp9VGWwBwHAYJymAPTQl2mFQX54Mc9HrUMYxebieKNtuHdovQwFMIKFYjpSwy6kZ/y9wys6xuKGkzI9VKVUMYT8DA1VzWtO7pV/r5A5SBj6NVvReHHVdeTymupzWMoQjFv4JmegrmR9xnhUEA5BJ99vTuRYdmn+hcCaMwjpDgSr3sCAwEAAaMyMDAwHQYDVR0OBBYEFCNoryvn36PO+JwOl8YZ3epR3koWMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADggIBAJpCnn1sjdgSDrkQELaGy6Eh98dtpevYHDU4UekvqPxXJw6BnYmdjDQ5Et5ZAIom9W9uv+WTar96dmcmj9ibTr69/SCZoenBMu8A3W0RkLzYXJuCa3QwkqksZmdID/A55A2t69Ve4IBlixlrRA4X9TLPS+yHFpM4zw7ihyw3xKUbzf/YQPffiwPQrCCWFLCnJP4Bhip6/gI2gTPRhZnIINk90DLPmF+y36/ABG9yaGo/iOxMYg9CbU5ZhN/XACzCSOVWx0478S1fS0TEF4yxuCYFVbhWpL4PvMFLw3P9tSSFsq2fUCaZmrlq3uV7pmWhVS7krxdPrKcvYQJQ/LWB2TbuuEPCeb/Z3gjQkUdabSs8G7HwFLSuNP0U6xsOfI13/zPMLVeBhECK3t7tRFSoWAULvAl+aTFkVR5j/cwFFg1DhJsP/UMPsK2zHsqMHxiP7D1ZAmRbUEAMMj+KxUnAFg2/Fn7Bj4vpwx5VmLpWeOE+UWq9cTFw+XpXo83wfT4b2zqU4LmWoshNnZNK4Qow3DNzX+AJkly0wlXB+nGtA6kqRn06IjtiaCEaxSTT4SZ3SnDE5Zpkzfdlu3VDfghai52rBbVaY2xP3tYEb91B1RCmDvG/jQQpYAnXYkrr94PmLdR9OxGjX/WpcdI1MMYaEwTnGQlEoMX3+zVwpH4gLOHX
HideLogDirectory

1
HideLogSubdirectory

1
UnattendedMod

0
Artefacts
Name
 Value Location
CnC

testseriesbymadhavi.in.net

Malicious

5f8321c55d3ffcf56105303b96299ce6
Port

4782

Malicious

5f8321c55d3ffcf56105303b96299ce6
CnC

au88vietnam.pro

Malicious

5f8321c55d3ffcf56105303b96299ce6
CnC

au88.it.com

Malicious

5f8321c55d3ffcf56105303b96299ce6
CnC

au88-binb.com

Malicious

5f8321c55d3ffcf56105303b96299ce6
CnC

erogen.ru.com

Malicious

5f8321c55d3ffcf56105303b96299ce6
CnC

uotahi.za.com

Malicious

5f8321c55d3ffcf56105303b96299ce6
CnC

au88kitty.com

Malicious

5f8321c55d3ffcf56105303b96299ce6
CnC

consultrade.uk.com

Malicious

5f8321c55d3ffcf56105303b96299ce6
CnC

vn-au88.com

Malicious

5f8321c55d3ffcf56105303b96299ce6
CnC

mqdfpy.sa.com

Malicious

5f8321c55d3ffcf56105303b96299ce6
CnC

au88-top.com

Malicious

5f8321c55d3ffcf56105303b96299ce6
CnC

www.testseriesbymadhavi.in.net

Malicious

5f8321c55d3ffcf56105303b96299ce6
CnC

www.au88vietnam.pro

Malicious

5f8321c55d3ffcf56105303b96299ce6
CnC

www.au88.it.com

Malicious

5f8321c55d3ffcf56105303b96299ce6
CnC

www.au88-binb.com

Malicious

5f8321c55d3ffcf56105303b96299ce6
CnC

www.erogen.ru.com

Malicious

5f8321c55d3ffcf56105303b96299ce6
CnC

www.uotahi.za.com

Malicious

5f8321c55d3ffcf56105303b96299ce6
CnC

www.au88kitty.com

Malicious

5f8321c55d3ffcf56105303b96299ce6
CnC

www.consultrade.uk.com

Malicious

5f8321c55d3ffcf56105303b96299ce6
CnC

www.vn-au88.com

Malicious

5f8321c55d3ffcf56105303b96299ce6
CnC

www.mqdfpy.sa.com

Malicious

5f8321c55d3ffcf56105303b96299ce6
CnC

www.au88-top.com

Malicious

5f8321c55d3ffcf56105303b96299ce6
Port

443

Malicious

5f8321c55d3ffcf56105303b96299ce6
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙