Malicious

6b59f2ca347a24f0a86ea8ed9d17ee74

PE Executable | MD5: 6b59f2ca347a24f0a86ea8ed9d17ee74 | Size: 1.09 MB | application/x-dosexec

Characteristics
Hashes

MD5:     6b59f2ca347a24f0a86ea8ed9d17ee74
SHA1:    34650e3267bb75eec237f645b9ddd996c017fe12
SHA256:  8c5659ff1e439fdb199c25ac76fb8d3e9c45b702ac8c99073ccdf7fd1f9cdbfd
SHA384:  8c13dd7f0c9f03c192c9d06d6a3d31725d476fa3d6906c53667317232682d375f3dc6ab8f158fed6cf44cefcf1e41683
SHA512:  25c2a940c4afb4f54fe46c67c5dc7b6040670c14338df3e81ddc4b6966715e70089b3b46d05f0e2e49444bbde895d741ba56d65e33cdceda45b465e6730595f3
ssdeep:  24576:Faynkc1ZzBvtrZHFjMKY286OOLAlel6qbWtRvRxZ:synkc1ZzBvtrZHFjMKY2zglel6KW
TLSH:    CB353A14E7F86595F06E7F32747498150A38BE436A3DA74B2B9591980F6B380CCB2F63

PEiD signatures

- .NET executable
- Microsoft Visual C# / Basic .NET
- Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
- Microsoft Visual C# v7.0 / Basic .NET
- Microsoft Visual Studio .NET
File Structure

  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
  Resources
    RT_VERSION
      ID:0001
        ID:0
    RT_MANIFEST
      ID:0001
        ID:0
Malware Configuration - QuasarRAT config.

Config. Field     Value
Conf. AES-Salt    BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Conf. AES-Key     gfz6ANqqncWsAWZd8EiF
Version           2.7.0.0
Port              selectbackup.ddn
Host              selectbackup.ddn
ReconnectDelay    3000
Key               WOtrgpk9s0tBaHY5wCncig==
SubDirectory      3NSukrM1umntSCeOfe75jwutvrgJwZ7RLjyzE7JUxjslb9d4x20pPVjO5raGfg1wGJ0S+FaZONO2tAMvGOYaZA==
Install           Venom.exe
Startup           0
Mutex             0
StartupKey        0
HideFile          4m697TywNrGW2bvU
EnableLogger      0
EncryptionKey     Venom Client Sta

Malware Configuration - URLs in VBA/VBS Code

Config. Field     Value
URL #1            http://schemas.microsoft.com/SMI/2005/WindowsSettings
URL #2            http://schemas.microsoft.com/SMI/2016/WindowsSettings

Artefacts

Name    Value               Verdict      Location
CnC     selectbackup.ddn    Malicious    6b59f2ca347a24f0a86ea8ed9d17ee74
Port    selectbackup.ddn    Malicious    6b59f2ca347a24f0a86ea8ed9d17ee74
