aa15cdf3ad77912fad2d7da5cbce6e20

PE Executable
|
MD5: aa15cdf3ad77912fad2d7da5cbce6e20
|
Size: 356.35 KB
|
application/x-dosexec

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	aa15cdf3ad77912fad2d7da5cbce6e20
Sha1	469343cfbf8c352952b342e068443dad920db6c0
Sha256	3ec68fa56e587375771be0596297b89f4a59dc8b36238dcda5c571375e182509
Sha384	20d9058bde79ed83ba33755891d3591d6c7f368e820136eaa27f36b533febc0d1d2a49cdd3627f3c01d294f996d4e9b3
Sha512	d6f083e93ad5f904734a201464b9bc534041301b27d5f6b52ac4992207fe56b9d2897cb0eba3810531c2f9acc626dcc85dfa7a5f68ab3240d90205e82fea9e22
SSDeep	6144:5Q6bPXhLApfpsGxRqOa2boUCdZYzj/gxlm:OmhApt8yvj/ylm
TLSH	53748C5773A8E93BD1FE173AE43246044BB1D443B616F38B6A6C55B86D233868D423B3

PeID

.NET executable

Microsoft Visual C# / Basic .NET

Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL

Microsoft Visual C# v7.0 / Basic .NET

Microsoft Visual Studio .NET

File Structure

Malware Configuration - QuasarRAT config.

Config. Field0	Value
Conf. AES-Salt	BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Conf. AES-Key	y8NIhkgohaXaAJxwpOZb
Version	1.3.0.0
Port	1
Host	188.132.197.88
ReconnectDelay	3000
Key	1WvgEMPjdwfqIMeM9MclyQ==
AuthKey	NcFtjbDOcsw7Evd3coMC0y4koy/SRZGydhNmno81ZOWOvdfg7sv0Cj5ad2ROUfX4QMscAIjYJdjrrs41+qcQwg==
SubDirectory	SubDir
InstallName	Client.exe
Install	1
Startup	1
Mutex	QSR_MUTEX_PRxoYR
StartupKey	Winndows
HideFile	1
EnableLogger	1
Tag	Office04
LogDirectory	Logs
HideLogDirectory	0
HideLogSubdirectory	0

Informations

Name0	Value
Info	PE Detect: PeReader OK (file layout)
Module Name	Client.exe
Full Name	Client.exe
EntryPoint	System.Void 䏘㱈썻唷�뵨䋝袣驻喙ꎜ癧�팳⦌䄑�퉞먊::Main(System.String[])
Scope Name	Client.exe
Scope Type	ModuleDef
Kind	Windows
Runtime Version	v4.0.30319
Tables Header Version	512
WinMD Version	<null>
Assembly Name	Client
Assembly Version	1.3.0.0
Assembly Culture	<null>
Has PublicKey	False
PublicKey Token	<null>
Target Framework	.NETFramework,Version=v4.0,Profile=Client
Total Strings	896
Main Method	System.Void 䏘㱈썻唷�뵨䋝袣驻喙ꎜ癧�팳⦌䄑�퉞먊::Main(System.String[])
Main IL Instruction Count	19
Main IL	call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void 䏘㱈썻唷�뵨䋝袣驻喙ꎜ癧�팳⦌䄑�퉞먊::颂ⴼ縠ຍ퐾᢭̫鿡蔉䥙ᓉ⾆ହ澝殕䵍뭷ಌ昹(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Boolean 縰ʮ圄ﺴ留ﻍ돪࿤예髟ꀆ懋逦�䭣䒡ኑ჆爸::쇯靧몫�酎䧹늌렾땅웫࿼ᱩ熨ݱ혞᭻➴쎶⭬䓼() brfalse.s IL_0040: call System.Void 䏘㱈썻唷�뵨䋝袣驻喙ꎜ癧�팳⦌䄑�퉞먊::봟ᦏ兀锣￰⳶Я␊巄ଃ麙飻᧭腶⻐乣봀ʠⓁ() call System.Boolean 䏘㱈썻唷�뵨䋝袣驻喙ꎜ癧�팳⦌䄑�퉞먊::渋᜾弇૜쑮ᷧ钸꾄�쨨㧷ﰯ䲐뉪㫢馢() brfalse.s IL_0040: call System.Void 䏘㱈썻唷�뵨䋝袣驻喙ꎜ癧�팳⦌䄑�퉞먊::봟ᦏ兀锣￰⳶Я␊巄ଃ麙飻᧭腶⻐乣봀ʠⓁ() call System.Boolean 鸋볽莧ﱫᆱ�쟜躹粜ⴆ蓍Ⱗ㗅䎙牜쬖閕::get_Exiting() brtrue.s IL_0040: call System.Void 䏘㱈썻唷�뵨䋝袣驻喙ꎜ癧�팳⦌䄑�퉞먊::봟ᦏ兀锣￰⳶Я␊巄ଃ麙飻᧭腶⻐乣봀ʠⓁ() ldsfld 鸋볽莧ﱫᆱ�쟜躹粜ⴆ蓍Ⱗ㗅䎙牜쬖閕䏘㱈썻唷�뵨䋝袣驻喙ꎜ癧�팳⦌䄑�퉞먊::䤊�ẗ켠柄晃蚖_몎榬ځﮨ漘䶀툉 callvirt System.Void 鸋볽莧ﱫᆱ�쟜躹粜ⴆ蓍Ⱗ㗅䎙牜쬖閕::Ḏﺭᯫᴣｇ깊뱃꒣㣓ᕪᚚ䊍쮒ᨦ⿉⎖䃟() call System.Void 䏘㱈썻唷�뵨䋝袣驻喙ꎜ癧�팳⦌䄑�퉞먊::봟ᦏ兀锣￰⳶Я␊巄ଃ麙飻᧭腶⻐乣봀ʠⓁ() call System.Void 䏘㱈썻唷�뵨䋝袣驻喙ꎜ癧�팳⦌䄑�퉞먊::⫬墎侧洅뀙黧遧큯릴酨୎츰㋝걘虳탧霿() ret <null>
Module Name	Client.exe
Full Name	Client.exe
EntryPoint	System.Void 䏘㱈썻唷�뵨䋝袣驻喙ꎜ癧�팳⦌䄑�퉞먊::Main(System.String[])
Scope Name	Client.exe
Scope Type	ModuleDef
Kind	Windows
Runtime Version	v4.0.30319
Tables Header Version	512
WinMD Version	<null>
Assembly Name	Client
Assembly Version	1.3.0.0
Assembly Culture	<null>
Has PublicKey	False
PublicKey Token	<null>
Target Framework	.NETFramework,Version=v4.0,Profile=Client
Total Strings	896
Main Method	System.Void 䏘㱈썻唷�뵨䋝袣驻喙ꎜ癧�팳⦌䄑�퉞먊::Main(System.String[])
Main IL Instruction Count	19
Main IL	call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void 䏘㱈썻唷�뵨䋝袣驻喙ꎜ癧�팳⦌䄑�퉞먊::颂ⴼ縠ຍ퐾᢭̫鿡蔉䥙ᓉ⾆ହ澝殕䵍뭷ಌ昹(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Boolean 縰ʮ圄ﺴ留ﻍ돪࿤예髟ꀆ懋逦�䭣䒡ኑ჆爸::쇯靧몫�酎䧹늌렾땅웫࿼ᱩ熨ݱ혞᭻➴쎶⭬䓼() brfalse.s IL_0040: call System.Void 䏘㱈썻唷�뵨䋝袣驻喙ꎜ癧�팳⦌䄑�퉞먊::봟ᦏ兀锣￰⳶Я␊巄ଃ麙飻᧭腶⻐乣봀ʠⓁ() call System.Boolean 䏘㱈썻唷�뵨䋝袣驻喙ꎜ癧�팳⦌䄑�퉞먊::渋᜾弇૜쑮ᷧ钸꾄�쨨㧷ﰯ䲐뉪㫢馢() brfalse.s IL_0040: call System.Void 䏘㱈썻唷�뵨䋝袣驻喙ꎜ癧�팳⦌䄑�퉞먊::봟ᦏ兀锣￰⳶Я␊巄ଃ麙飻᧭腶⻐乣봀ʠⓁ() call System.Boolean 鸋볽莧ﱫᆱ�쟜躹粜ⴆ蓍Ⱗ㗅䎙牜쬖閕::get_Exiting() brtrue.s IL_0040: call System.Void 䏘㱈썻唷�뵨䋝袣驻喙ꎜ癧�팳⦌䄑�퉞먊::봟ᦏ兀锣￰⳶Я␊巄ଃ麙飻᧭腶⻐乣봀ʠⓁ() ldsfld 鸋볽莧ﱫᆱ�쟜躹粜ⴆ蓍Ⱗ㗅䎙牜쬖閕䏘㱈썻唷�뵨䋝袣驻喙ꎜ癧�팳⦌䄑�퉞먊::䤊�ẗ켠柄晃蚖_몎榬ځﮨ漘䶀툉 callvirt System.Void 鸋볽莧ﱫᆱ�쟜躹粜ⴆ蓍Ⱗ㗅䎙牜쬖閕::Ḏﺭᯫᴣｇ깊뱃꒣㣓ᕪᚚ䊍쮒ᨦ⿉⎖䃟() call System.Void 䏘㱈썻唷�뵨䋝袣驻喙ꎜ癧�팳⦌䄑�퉞먊::봟ᦏ兀锣￰⳶Я␊巄ଃ麙飻᧭腶⻐乣봀ʠⓁ() call System.Void 䏘㱈썻唷�뵨䋝袣驻喙ꎜ癧�팳⦌䄑�퉞먊::⫬墎侧洅뀙黧遧큯릴酨୎츰㋝걘虳탧霿() ret <null>

Artefacts

Name0	Value
CnC	188.132.197.88
Port	1

aa15cdf3ad77912fad2d7da5cbce6e20 (356.35 KB)