Malicious
aa9532f77eb89f50f203b5e8e010c9bd
PE Executable | MD5: aa9532f77eb89f50f203b5e8e010c9bd | Size: 13.23 MB | application/x-dosexec
Characteristics
Symbol Obfuscation Score: Medium
File Structure
aa9532f77eb89f50f203b5e8e010c9bd
Malicious
[Authenticode]_8d5b0755.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.sdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
.Net Resources
Quasar.Client.Formularios.NT01.resources
xClient.Properties.Resources.resources
information
[NBF]root.Data
[NBF]root.Data-preview.png
Malware Configuration - QuasarRAT config.
| Config. Field | Value |
|---|---|
| VERSION | 1.0.00.r6 |
| RECONNECTDELAY | 5000 |
| PASSWORD | 5EPmsqV4iTCGjx9aY3yYpBWD0IgEJpHNEP75pks |
| SUBFOLDER | SUB |
| INSTALLNAME | INSTALL |
| INSTALL | 0 |
| STARTUP | 1 |
| MUTEX | e4d6a6ec-320d-48ee-b6b2-fa24f03760d4 |
| STARTUPKEY | STARTUP |
| HIDEFILE | 1 |
| ENABLELOGGER | 1 |
| ENCRYPTIONKEY | O2CCRlKB5V3AWlrHVKWMrr1GvKqVxXWdcx0l0s6L8fB2mavMqr |
| TAG | RELEASE |
| win7 | 0 |
Information
| Name | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Info | Authenticode present at 0xC98E00 size 25200 bytes |
| Module Name | libfilezilla-43.dll |
| Full Name | libfilezilla-43.dll |
| Scope Name | libfilezilla-43.dll |
| Scope Type | ModuleDef |
| Kind | Dll |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | libfilezilla-43 |
| Assembly Version | 1.1.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.8 |
| Total Strings | 617 |
| Main Method | Not found or no body |