Malicious
Malicious

7c26de59ad48e07090ff995d732b5e91

PE Executable
|
MD5: 7c26de59ad48e07090ff995d732b5e91
|
Size: 514.05 KB
|
application/x-dosexec

Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

Low

Hash
 Hash Value
MD5
7c26de59ad48e07090ff995d732b5e91
Sha1
04fd9554e18e80ab9c7f090e1f4c5d7f4e961579
Sha256
a6640f14b119df661bb6d99d1e16a07a5d0f609c5d4ea3375ef3fa74bcab8d14
Sha384
8314385ed577785d08d9ed31fdef0c02699b278b4f3ff4f416ccb9aa08150e1578d4a21fe4292dea2357aa72afbc8de5
Sha512
c8e4609cd5f1365e0571047eaaf39b3de5876826ce5d8f68f563a3043f779ec6c476122982f6112b4e657789da3593d4631c633cfd7a0feb2b7c2fdcafe18c9b
SSDeep
6144:xTEgdc0YFX7IxUpGREWPOhYUZTP0bC2cE38b8F9STsMsGD2N6icTR3y:xTEgdfY+xUCw2HnZi2N6icdy
TLSH
4EB46B4023F8862BE5BF5779E87105205BF9F407B26BFB5F4541B0E92CA67069E40BA3

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
7c26de59ad48e07090ff995d732b5e91
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Quasar.Client.Properties.Resources.resources
ILRepack.List
Malware Configuration - QuasarRAT config.
Config. Field
 Value
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Conf. AES-Key

C3B62195F19910EF379EFEFAC110A45451753B53
Version

1.4.0
Port

16
Host

45.81.113.187
ReconnectDelay

30
SubDirectory

SubDir
InstallName

client.exe
Install

1
Startup

1
Mutex

2c1b2e6c-18ee-42b8-8c19-f939412a
StartupKey

Defender
HideFile

1
EnableLogger

1
Tag

sigorta
LogDirectory

KEYLOGGER KAYIT
ServerSignature

BPINCFGzG2MKaGPFPK+T6NZEg0WfceyC9+ptXi4o2rch1GKPVFZpiyYLanQLZUr4YBKQNJmEjAuL9122r5brJtvz+HZdmYuTuKl37FMjNHspPd2zJilunS0wWuTQ97EAhr5LwruSQWDE9zLDve0YjGUn3nOLNxY+GGCedCCb2VZ1UsTR4gwSkpcyXWi75NoHX0yO9A4sMa1fxa7ypNsTLOgndOJoNw9i1346GG8b3GdJ1a5Xp5pCLoybxaQ+eFPSsfWn6BXDFYjdtIsNSyVIwEnm/Egp/9dfPVK++dnqy87G5BFhOkgTqwjZZrjmy2F5vfVSdRckXZ69rvjGy7fP4R6clZ5c4X6YDMz33F3KtHHQM4t1flC08PmV4sqVPyQzX5S/yzctDY0EfRTWxW8NDwgtGmc7eWf0Gc40vUX3gjQhTTIwRqpIogNA9XaVZW9ehsLigk5Lfiy7AN6VFeeEcGbTTeE6dmLGa6hOMQri9ZuFMZqdwYaRPebyaVp1ZuOX/CiYF4TqnheLpP+jT65ebt0LgYJDsD0xHsOsTzE4bMQUcdq4tvHBLrbEzrO4utON5YeprlCgIBwc7B20PVL0IemjRe8uV+moyjSV5Sp80qbF8Y5qKh9mP1auVyy+Zs/6BgmwJC2A8CJkz4qItYWga9JIRsQs+JOE
ServerCertificate

MIIE9DCCAtygAwIBAgIQAP/5CXGK+DEFDiQIwFdTSTANBgkqhkiG9w0BAQ0FADAbMRkwFwYDVQQDDBBRdWFzYXIgU2VydmVyIENBMCAXDTI1MDgxODA4MTgxMVoYDzk5OTkxMjMxMjM1OTU5WjAbMRkwFwYDVQQDDBBRdWFzYXIgU2VydmVyIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkQpreWlXQlvUXjtxV2oSoGl7mUfwBFW4ljOoYn/vVMA2WmIbw9HPXf+wFATUe8hWXcTY9RZiboWkgQfhDfPcDWSe+R7VHplaZFx8MFn4ht+v8uJVUEwHyZHC5xg+oerQ8YPmdC097/2BwwzVVILAhbwN1sDeTzCr3K53UgNUjDCNOF5C9H9/iGNMJu3mVeUU/+S6FTFd7i5u21rbL9wLib4X0ScHfBOdtYOuLAuq2gp+0MKFWj0CJOs7ngSElVSfM4mpDopv4BEXJkVWI9vCWgnIKLg5nscYYwFdyzqgKIUP8Cn6vK68a3s+eJc8ntXfYrsnMwgdAUiKnS11ROaWwYvUN9SZyiV3TMQ6opWTmddIPAZXIk8ZV1MFfdhEdhV4mozaGq+oX/UcbYFZc+ylugWIrrVs2aLYi1+AM4OGQ7PdT9UciWNgVUCK7QXZw906AaK/xwnv0dU+Z+URPYY8+H681Ehznyg3L7rdH43pmG0r2xLM1/9QK5tIi9lanvzTYadHIcEy876d/G/hpLDwvfbGUaHxB/CzDiOmPLjWLnrjaBNvINFQgZ6RwkmRY+udBolOy66PEkQqmkB5OedIqcWZoDxcmj7bNDABnnrQkEy7THBzrpCq1xp4jLSpJbkpnYXgsIRIv6Q544jcnLyGZw5JLzRR1UUr236+UMSkJbsCAwEAAaMyMDAwHQYDVR0OBBYEFKl7sRj/Admj4sGsPfl+TK39LF79MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADggIBABWpcJ6WFMvPRlvO3RKcO/vrc4t9CGcBz98ZqAHSQMS9Eu5tHa69a63lBardiEu4LtHHPIYVwyy/qrj5Yt0fhibRjhTaiJcdFCsYFYtdNJX8O4hrkfhNl/i6JABHzf7j3sMBMRAAMmesalgP3H0twFak7sgtGGMFkCrw3e7IXiHxL447P3xh9JU9oS+nu4dEDt7H2WBADli2WbSWepzVQuRu6/D1KowH+b9cvuF+gzzLMXaCm+kmUjws+NCxyJAnlvHjGAzC7FYlWPgdKIajlCnywDVC7kSzlX+HN3YkZAFxGChRLvoO5A2gNfurJSNZ7jofj/fGPeRXutR0gQjZJfiavPhZI9QLp6cazbH+C0H8b5PTniFesKyNXqJgnBCeoQ9GIS4BNiLYyshxv1B6shGCXZatyqeUOVjr1wM/AMgaOixwGGXBO6Z853FtIDPfrnVfTHPA2vUr8FFKBdmFVc7pYk+Xj6sBkYPdu8gK2NNPNrXHRppOgKxkP6eiY1TT/A5u4mE3CIQFftbhsdGTX8ZoAt+ztSjz21YQDm5g990B11Mj8PGLLvDdeWuZ3IWPiGicWxEyYledgfhaQ3P+aE8aUXbylOZcItr+GFPVxFzazrftJFDxt9VScMJ+OUzAgTXaZMPoBlfa18oVC327D+Ciycc6474jsM/x5Q70tXqT
HideLogDirectory

0
HideLogSubdirectory

1
UnattendedMod

1
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Client
Full Name

Client
EntryPoint

System.Void 낌�귗쭇�讚㫇임ᒇ텕ᵩೀ塐诫萷::Main(System.String[])
Scope Name

Client
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Client
Assembly Version

1.4.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5.2
Total Strings

1552
Main Method

System.Void 낌�귗쭇�讚㫇임ᒇ텕ᵩೀ塐诫萷::Main(System.String[])
Main IL Instruction Count

19
Main IL

ldc.i4 3072 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldc.i4.2 <null> call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode) ldnull <null> ldftn System.Void 낌�귗쭇�讚㫇임ᒇ텕ᵩೀ塐诫萷::㵯♎僅爅ﰧ桍Ẑ訏奃鄉╛ᴽ沀尡텉멾㽔䘡(System.Object,System.Threading.ThreadExceptionEventArgs) newobj System.Void System.Threading.ThreadExceptionEventHandler::.ctor(System.Object,System.IntPtr) call System.Void System.Windows.Forms.Application::add_ThreadException(System.Threading.ThreadExceptionEventHandler) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void 낌�귗쭇�讚㫇임ᒇ텕ᵩೀ塐诫萷::岅狅渍猧ꔺᚤ䈮ꯌ㕀輂짌갦䐠뛳紺(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void 㽨覞ꕵꋳ㕗谾ᷓ▪敫晱☢稩搥�欃ꎎ::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Module Name

Client
Full Name

Client
EntryPoint

System.Void 낌�귗쭇�讚㫇임ᒇ텕ᵩೀ塐诫萷::Main(System.String[])
Scope Name

Client
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Client
Assembly Version

1.4.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.5.2
Total Strings

1552
Main Method

System.Void 낌�귗쭇�讚㫇임ᒇ텕ᵩೀ塐诫萷::Main(System.String[])
Main IL Instruction Count

19
Main IL

ldc.i4 3072 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldc.i4.2 <null> call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode) ldnull <null> ldftn System.Void 낌�귗쭇�讚㫇임ᒇ텕ᵩೀ塐诫萷::㵯♎僅爅ﰧ桍Ẑ訏奃鄉╛ᴽ沀尡텉멾㽔䘡(System.Object,System.Threading.ThreadExceptionEventArgs) newobj System.Void System.Threading.ThreadExceptionEventHandler::.ctor(System.Object,System.IntPtr) call System.Void System.Windows.Forms.Application::add_ThreadException(System.Threading.ThreadExceptionEventHandler) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void 낌�귗쭇�讚㫇임ᒇ텕ᵩೀ塐诫萷::岅狅渍猧ꔺᚤ䈮ꯌ㕀輂짌갦䐠뛳紺(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void 㽨覞ꕵꋳ㕗谾ᷓ▪敫晱☢稩搥�欃ꎎ::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Artefacts
Name
 Value
CnC

45.81.113.187
Port

16
7c26de59ad48e07090ff995d732b5e91 (514.05 KB)
File Structure
7c26de59ad48e07090ff995d732b5e91
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
Quasar.Client.Properties.Resources.resources
ILRepack.List
Characteristics
Malware Configuration - QuasarRAT config.
Config. Field
 Value
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Conf. AES-Key

C3B62195F19910EF379EFEFAC110A45451753B53
Version

1.4.0
Port

16
Host

45.81.113.187
ReconnectDelay

30
SubDirectory

SubDir
InstallName

client.exe
Install

1
Startup

1
Mutex

2c1b2e6c-18ee-42b8-8c19-f939412a
StartupKey

Defender
HideFile

1
EnableLogger

1
Tag

sigorta
LogDirectory

KEYLOGGER KAYIT
ServerSignature

BPINCFGzG2MKaGPFPK+T6NZEg0WfceyC9+ptXi4o2rch1GKPVFZpiyYLanQLZUr4YBKQNJmEjAuL9122r5brJtvz+HZdmYuTuKl37FMjNHspPd2zJilunS0wWuTQ97EAhr5LwruSQWDE9zLDve0YjGUn3nOLNxY+GGCedCCb2VZ1UsTR4gwSkpcyXWi75NoHX0yO9A4sMa1fxa7ypNsTLOgndOJoNw9i1346GG8b3GdJ1a5Xp5pCLoybxaQ+eFPSsfWn6BXDFYjdtIsNSyVIwEnm/Egp/9dfPVK++dnqy87G5BFhOkgTqwjZZrjmy2F5vfVSdRckXZ69rvjGy7fP4R6clZ5c4X6YDMz33F3KtHHQM4t1flC08PmV4sqVPyQzX5S/yzctDY0EfRTWxW8NDwgtGmc7eWf0Gc40vUX3gjQhTTIwRqpIogNA9XaVZW9ehsLigk5Lfiy7AN6VFeeEcGbTTeE6dmLGa6hOMQri9ZuFMZqdwYaRPebyaVp1ZuOX/CiYF4TqnheLpP+jT65ebt0LgYJDsD0xHsOsTzE4bMQUcdq4tvHBLrbEzrO4utON5YeprlCgIBwc7B20PVL0IemjRe8uV+moyjSV5Sp80qbF8Y5qKh9mP1auVyy+Zs/6BgmwJC2A8CJkz4qItYWga9JIRsQs+JOE
ServerCertificate

MIIE9DCCAtygAwIBAgIQAP/5CXGK+DEFDiQIwFdTSTANBgkqhkiG9w0BAQ0FADAbMRkwFwYDVQQDDBBRdWFzYXIgU2VydmVyIENBMCAXDTI1MDgxODA4MTgxMVoYDzk5OTkxMjMxMjM1OTU5WjAbMRkwFwYDVQQDDBBRdWFzYXIgU2VydmVyIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkQpreWlXQlvUXjtxV2oSoGl7mUfwBFW4ljOoYn/vVMA2WmIbw9HPXf+wFATUe8hWXcTY9RZiboWkgQfhDfPcDWSe+R7VHplaZFx8MFn4ht+v8uJVUEwHyZHC5xg+oerQ8YPmdC097/2BwwzVVILAhbwN1sDeTzCr3K53UgNUjDCNOF5C9H9/iGNMJu3mVeUU/+S6FTFd7i5u21rbL9wLib4X0ScHfBOdtYOuLAuq2gp+0MKFWj0CJOs7ngSElVSfM4mpDopv4BEXJkVWI9vCWgnIKLg5nscYYwFdyzqgKIUP8Cn6vK68a3s+eJc8ntXfYrsnMwgdAUiKnS11ROaWwYvUN9SZyiV3TMQ6opWTmddIPAZXIk8ZV1MFfdhEdhV4mozaGq+oX/UcbYFZc+ylugWIrrVs2aLYi1+AM4OGQ7PdT9UciWNgVUCK7QXZw906AaK/xwnv0dU+Z+URPYY8+H681Ehznyg3L7rdH43pmG0r2xLM1/9QK5tIi9lanvzTYadHIcEy876d/G/hpLDwvfbGUaHxB/CzDiOmPLjWLnrjaBNvINFQgZ6RwkmRY+udBolOy66PEkQqmkB5OedIqcWZoDxcmj7bNDABnnrQkEy7THBzrpCq1xp4jLSpJbkpnYXgsIRIv6Q544jcnLyGZw5JLzRR1UUr236+UMSkJbsCAwEAAaMyMDAwHQYDVR0OBBYEFKl7sRj/Admj4sGsPfl+TK39LF79MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADggIBABWpcJ6WFMvPRlvO3RKcO/vrc4t9CGcBz98ZqAHSQMS9Eu5tHa69a63lBardiEu4LtHHPIYVwyy/qrj5Yt0fhibRjhTaiJcdFCsYFYtdNJX8O4hrkfhNl/i6JABHzf7j3sMBMRAAMmesalgP3H0twFak7sgtGGMFkCrw3e7IXiHxL447P3xh9JU9oS+nu4dEDt7H2WBADli2WbSWepzVQuRu6/D1KowH+b9cvuF+gzzLMXaCm+kmUjws+NCxyJAnlvHjGAzC7FYlWPgdKIajlCnywDVC7kSzlX+HN3YkZAFxGChRLvoO5A2gNfurJSNZ7jofj/fGPeRXutR0gQjZJfiavPhZI9QLp6cazbH+C0H8b5PTniFesKyNXqJgnBCeoQ9GIS4BNiLYyshxv1B6shGCXZatyqeUOVjr1wM/AMgaOixwGGXBO6Z853FtIDPfrnVfTHPA2vUr8FFKBdmFVc7pYk+Xj6sBkYPdu8gK2NNPNrXHRppOgKxkP6eiY1TT/A5u4mE3CIQFftbhsdGTX8ZoAt+ztSjz21YQDm5g990B11Mj8PGLLvDdeWuZ3IWPiGicWxEyYledgfhaQ3P+aE8aUXbylOZcItr+GFPVxFzazrftJFDxt9VScMJ+OUzAgTXaZMPoBlfa18oVC327D+Ciycc6474jsM/x5Q70tXqT
HideLogDirectory

0
HideLogSubdirectory

1
UnattendedMod

1
Artefacts
Name
 Value Location
CnC

45.81.113.187

Malicious

7c26de59ad48e07090ff995d732b5e91
Port

16

Malicious

7c26de59ad48e07090ff995d732b5e91
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙