Malicious

6332505db61f12a4b71f5beed8ff2898

PE Executable | MD5: 6332505db61f12a4b71f5beed8ff2898 | Size: 651.26 KB | application/x-dosexec


Characteristics
Symbol Obfuscation Score: High

Hashes
MD5: 6332505db61f12a4b71f5beed8ff2898
SHA1: a6462ce88681f52088006a50f8155ca592f8425f
SHA256: 8852ef713bc0078d9ae391ceb5b2d5b4901dd63ab2a74a5155f9d0416a033718
SHA384: 26aec8eabab4140187f4ee2b5d21e9e23f269ba7b4801cd4f13c9a30cac32e8c1e2d04707ee0cdf45c5cd4196230c60b
SHA512: 5adea3120ee4114495e3df45f420fa2d23e7a8f64018e17bdc42dc263197a590151d9f1a6631a75c8025dedbd2a9ea0247a676098e57682473e38e724301c3f7
SSDeep: 12288:+y4BUsmPCYSr+fkqjVnl36ud0zR/6CtQ9PUHIG8Dl8gSD+37PWY1Y1+BqHFvqR:54QgikqjVnlqud+/2P+AlUDcPt1avd
TLSH: 54D4022037FC850BE2BFABBC9DB166115679F663E622DB4D098462DD0473381CD8237A

PeID: Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
File Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
  Resources
    RT_VERSION
      ID:0001
        ID:0
    RT_MANIFEST
      ID:0001
        ID:0
  .Net Resources
    InvokedClient.InvokedClientApplication.resources
    costura.costura.dll.compressed
      Structure
        DosHeader
        PE Header
        Optional Header (x86)
        Section Headers
          .text
          .rsrc
          .reloc
        Resources
          RT_VERSION
            ID:0001
              ID:0
    costura.costura.pdb.compressed
    costura.gma.system.mousekeyhook.dll.compressed
      Structure
        DosHeader
        PE Header
        Optional Header (x86)
        Section Headers
          .text
          .rsrc
          .reloc
        Resources
          RT_VERSION
            ID:0001
              ID:0
    costura.invokedcommon.dll.compressed
      Structure
        DosHeader
        PE Header
        Optional Header (x86)
        Section Headers
          .text
          .rsrc
          .reloc
        Resources
          RT_VERSION
            ID:0001
              ID:0
    costura.newtonsoft.json.dll.compressed
      [Authenticode]_220cad77.p7b
      Structure
        DosHeader
        PE Header
        Optional Header (x86)
        Section Headers
          .text
          .rsrc
          .reloc
        Resources
          RT_VERSION
            ID:0001
              ID:0
    costura.protobuf-net.dll.compressed
      Structure
        DosHeader
        PE Header
        Optional Header (x86)
        Section Headers
          .text
          .rsrc
          .reloc
        Resources
          RT_VERSION
            ID:0001
              ID:0
    costura.system.diagnostics.diagnosticsource.dll.compressed
      [Authenticode]_50c89911.p7b
      Structure
        DosHeader
        PE Header
        Optional Header (x86)
        Section Headers
          .text
          .rsrc
          .reloc
        Resources
          RT_VERSION
            ID:0001
              ID:0
    costura.metadata
Malware Configuration - QuasarRAT config.
Conf. AES-Salt: BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Conf. AES-Key:
Version: aFQJmyhv5YxBOXiC8XLKBO190jhj7hCKsmSd2GTknCqwsXUwY/kkFLIEEfcChkxJt0Mzv8prLkwM1iLThlHNjQ==
Port: AqXEjZSS401MWy/g7JbdumT9T3fIGOy4/it9agqdYeMvPSXIVg3N+BL9lnN1toTKdvBnI0CLUZ0Y1syANGjwOYBuhtdpfSDN/SAw01JN8W2E7yZB88tSWQBJ4IPRWZxz
Host: AqXEjZSS401MWy/g7JbdumT9T3fIGOy4/it9agqdYeMvPSXIVg3N+BL9lnN1toTKdvBnI0CLUZ0Y1syANGjwOYBuhtdpfSDN/SAw01JN8W2E7yZB88tSWQBJ4IPRWZxz
ReconnectDelay: 3000
Key: 4n0geArkNv7sAS0UkcPbfF5SE9R4MU9wtaavuKZxmYGBYEb0SsdlQQEPXgmMIKxh5Qx/dqaQlAtLjBGUNFC0bw==
SubDirectory: PIej5+FK0p3Zk/Fo/2GO9ny2y5R//iGY8FjQvFP2IUCEBexgprXU4XQtvN24jqC9DWxVEnJ8FapTiWELDJjJEg==
InstallName: 1
Install: 0
Startup: uB3gBgL2kRcl5gwFbUhsW3QMlDBn5csCfjKAHs6VA9BLq0Mj03cWFsYOtkXDf5cPLLYOrhs8fs9798z7+WQk/uYTIOP2x6zQi4kK0XyvpNcRYxOxruAu681MJDnFpxBo
Mutex: xP8BVYxA4PiLnIXk36We1t8gIY4W4lBXEKMgdrinW5iubdLfmIteizNdIATPdLx1+eQ2b3YswRKM1WI78AAcSA==
StartupKey: 1
HideFile: 0
EnableLogger: 750FE339934897C5B57D4CAE697468532B27F7B6
EncryptionKey: Bt0nv+o3oqD6Ptc2dK89fFX0L2xSRTUMrps+rMRwreou4p/JlKekIIBYa9xO8xENNUbiMiDzcBQxdCFXsK0V4w==

Informations
Info: PE Detect: PeReader OK (file layout)
Module Name: Client.exe
Full Name: Client.exe
EntryPoint: System.Void 퐟欘㴾쀚媔艳想髜๦꿪�듃뾓헅蘆ᇺ礼ù::Main()
Scope Name: Client.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Client
Assembly Version: 0.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.8
Total Strings: 613
Main Method: System.Void 퐟欘㴾쀚媔艳想髜๦꿪�듃뾓헅蘆ᇺ礼ù::Main()
Main IL Instruction Count: 21
Main IL:
  call System.Boolean 퐟欘㴾쀚媔艳想髜๦꿪�듃뾓헅蘆ᇺ礼ù::ꈍ蛺鐧濶ꊧ돧躲퇭刺ᠠ療�᳞䔿೰彈䨪夑()
  pop <null>
  ldc.i4 3072
  call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType)
  ldc.i4.2 <null>
  call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode)
  ldnull <null>
  ldftn System.Void 퐟欘㴾쀚媔艳想髜๦꿪�듃뾓헅蘆ᇺ礼ù::ᒐҳ篅橽䡥⨙퟇쓋게뤰燰꺒왨寅耊䚹祈(System.Object,System.Threading.ThreadExceptionEventArgs)
  newobj System.Void System.Threading.ThreadExceptionEventHandler::.ctor(System.Object,System.IntPtr)
  call System.Void System.Windows.Forms.Application::add_ThreadException(System.Threading.ThreadExceptionEventHandler)
  call System.AppDomain System.AppDomain::get_CurrentDomain()
  ldnull <null>
  ldftn System.Void 퐟欘㴾쀚媔艳想髜๦꿪�듃뾓헅蘆ᇺ礼ù::�ꎈ羈섀擓Ⅱ꠭꜖ḡꌆ칪㚕ේ፽녽훈쒲轁⡻(System.Object,System.UnhandledExceptionEventArgs)
  newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr)
  callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler)
  call System.Void System.Windows.Forms.Application::EnableVisualStyles()
  ldc.i4.0 <null>
  call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean)
  newobj System.Void 鄡쭑⟣雉뿓触痁荌蔆蝘鉌嚐쌝鸲⇉༜r૥Ỻ::.ctor()
  call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
  ret <null>


Artefacts
CnC: AqXEjZSS401MWy/g7JbdumT9T3fIGOy4/it9agqdYeMvPSXIVg3N+BL9lnN1toTKdvBnI0CLUZ0Y1syANGjwOYBuhtdpfSDN/SAw01JN8W2E7yZB88tSWQBJ4IPRWZxz
Port: AqXEjZSS401MWy/g7JbdumT9T3fIGOy4/it9agqdYeMvPSXIVg3N+BL9lnN1toTKdvBnI0CLUZ0Y1syANGjwOYBuhtdpfSDN/SAw01JN8W2E7yZB88tSWQBJ4IPRWZxz
