Malicious

9c4696c8d9a72d26f8b78a6e7f287e59
PE Executable | MD5: 9c4696c8d9a72d26f8b78a6e7f287e59 | Size: 356.86 KB | application/x-msdownload

RAT
Malicious
QuasarRat
Executable
PE (Portable Executable)
Managed .NET
PE File Layout
Win 32 Exe
x86
.Net
SOS: 0.61

Characteristics

Symbol Obfuscation Score: Medium

Hashes
MD5: 9c4696c8d9a72d26f8b78a6e7f287e59
SHA1: 6ec3fbe44a8f9ed15983abf49ec0f83f8df1988d
SHA256: 2f3c0ed245f51ba046dc425e32409890f029a235cf0cc4330c5088bc1465053d
SHA384: a292cc4cfbd006b5323ccb555c10772d78ed509836e00ed2e424e70808ed5ffa676c325a26401af477d5fffadd6743c1
SHA512: 24d59e521098bba2e565f93b58c8f331672b2ed3c2d1a2f08416d5a0f0306717635255a981e77726c51cb8564c982a177008ae0fdca58e683f5f2440e2eb0650
SSDeep: 6144:q7NHXf500M4HA1KgKCmbWwuJs/caUBSDo7KJe:Ud506MTucPBuoye
TLSH: C2748D1373A4E93BD1FE577AE0320A154BB4D407BA16F38F9A5886B92D133868D413B3

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
  Resources
    RT_VERSION
      ID:0001
        ID:0
    RT_MANIFEST
      ID:0001
        ID:0
  .Net Resources
    xClient.Properties.Resources.resources
      information
      [NBF]root.Data
      [NBF]root.Data-preview.png
Malware Configuration - QuasarRAT config.
Conf. AES-Salt: BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Conf. AES-Key: ZHHBiAOVy3Chc2iMQhcN
Version: 1.3.0.0
Port:
Host: 185.233.164.129
ReconnectDelay: 3000
Key: 1WvgEMPjdwfqIMeM9MclyQ==
AuthKey: NcFtjbDOcsw7Evd3coMC0y4koy/SRZGydhNmno81ZOWOvdfg7sv0Cj5ad2ROUfX4QMscAIjYJdjrrs41+qcQwg==
SubDirectory: SubDir
InstallName: Client.exe
Install: 1
Startup: 0
Mutex: QSR_MUTEX_CqND6I
StartupKey: Quasar Client St
HideFile: 0
EnableLogger: 1
Tag: Office04
LogDirectory: Logs
HideLogDirectory: 0
HideLogSubdirectory: 0

Information
Info: PE Detect: PeReader OK (file layout)
Module Name: Client.exe
Full Name: Client.exe
EntryPoint: System.Void 㑶ȡ䆕숇䠕✓뜶猕䲤쓛ꑑ懮퓹璖ﭘ奣뀭㎊ᔙ匰::Main(System.String[])
Scope Name: Client.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Client
Assembly Version: 1.3.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.0,Profile=Client
Total Strings: 896
Main Method: System.Void 㑶ȡ䆕숇䠕✓뜶猕䲤쓛ꑑ懮퓹璖ﭘ奣뀭㎊ᔙ匰::Main(System.String[])
Main IL Instruction Count: 19
Main IL (one instruction per line; the type and method names are the sample's own obfuscated identifiers):
  call System.Void System.Windows.Forms.Application::EnableVisualStyles()
  ldc.i4.0 <null>
  call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean)
  call System.AppDomain System.AppDomain::get_CurrentDomain()
  ldnull <null>
  ldftn System.Void 㑶ȡ䆕숇䠕✓뜶猕䲤쓛ꑑ懮퓹璖ﭘ奣뀭㎊ᔙ匰::慎짉வ�漂똚훸Ṓ꒏嬧矦竅蓻闹灎듃鹈鎫ꔵ(System.Object,System.UnhandledExceptionEventArgs)
  newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr)
  callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler)
  call System.Boolean �䣾既聑눬豘떍躶荪ো覢::᱁䕱ƽ䢖⅝孩큓㷡萹㵐덺偡ꦦᷙ眂诒쾉()
  brfalse.s IL_0040: call System.Void 㑶ȡ䆕숇䠕✓뜶猕䲤쓛ꑑ懮퓹璖ﭘ奣뀭㎊ᔙ匰::憽갍淴�൸䝩榎⥕ヅ㙭⛵ⳛ䜩詟矣὇滴壛覮()
  call System.Boolean 㑶ȡ䆕숇䠕✓뜶猕䲤쓛ꑑ懮퓹璖ﭘ奣뀭㎊ᔙ匰::ꙏ뢸ງ쨗윎訠﵏䧆됴엜玧თ프審陖旵䍫㷹捂슀()
  brfalse.s IL_0040: call System.Void 㑶ȡ䆕숇䠕✓뜶猕䲤쓛ꑑ懮퓹璖ﭘ奣뀭㎊ᔙ匰::憽갍淴�൸䝩榎⥕ヅ㙭⛵ⳛ䜩詟矣὇滴壛覮()
  call System.Boolean 솏雗킃Ⰶ浐嵽⧟�ʼ嚫ᛏ훲藪::get_Exiting()
  brtrue.s IL_0040: call System.Void 㑶ȡ䆕숇䠕✓뜶猕䲤쓛ꑑ懮퓹璖ﭘ奣뀭㎊ᔙ匰::憽갍淴�൸䝩榎⥕ヅ㙭⛵ⳛ䜩詟矣὇滴壛覮()
  ldsfld 솏雗킃Ⰶ浐嵽⧟�ʼ嚫ᛏ훲藪 㑶ȡ䆕숇䠕✓뜶猕䲤쓛ꑑ懮퓹璖ﭘ奣뀭㎊ᔙ匰::泝ꉤ⭴꾛윓ᩒ�ഓ粵䒫䀩⠂㯼埠䂵➒鑸䟉
  callvirt System.Void 솏雗킃Ⰶ浐嵽⧟�ʼ嚫ᛏ훲藪::�딨�虎嚰虸祎끪莈Ḻḍ₿焸ᵦ싵()
  call System.Void 㑶ȡ䆕숇䠕✓뜶猕䲤쓛ꑑ懮퓹璖ﭘ奣뀭㎊ᔙ匰::憽갍淴�൸䝩榎⥕ヅ㙭⛵ⳛ䜩詟矣὇滴壛覮()
  call System.Void 㑶ȡ䆕숇䠕✓뜶猕䲤쓛ꑑ懮퓹璖ﭘ奣뀭㎊ᔙ匰::ㅚ澗糵〞䯀航ꭻ嶷鞑迀嵓ਡ栫册䧽()
  ret <null>

Artefacts
CnC: 185.233.164.129
Port: