Malicious

aa9532f77eb89f50f203b5e8e010c9bd

PE Executable
|
MD5: aa9532f77eb89f50f203b5e8e010c9bd
|
Size: 13.23 MB
|
application/x-dosexec

Print

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	aa9532f77eb89f50f203b5e8e010c9bd
Sha1	95afdc4350dbfcbf9ecbd8cdf9ea860ac0b8e7aa
Sha256	2c0e2f2587de48b78b7dfe2a28c012ca3b6790a55896f8a173b7941ee61f9bc3
Sha384	2b5ba9c9889563f93666a183ca4cb6853fc0fd744bf90e5afc45fd0bc06d7e0ae0bafdfa3b361eb6abe0756b70385fd7
Sha512	792d3db5323fbef83adac33f3d461287a9363171120870e1072245b5b9c6ddd9562a81f8c76b791b3db9e4b5cbb8837790be653b1d0fbea1ebeb39f4993b6ca6
SSDeep	24576:pVvzqDtQFBumDtQK8tYKFUFZhNpEX3S0ibLU+mgmJUbS3vfnkmutbapbU0VtcK0d:/WDwDYoqtGr
TLSH	2FD6428DE43A94D8DC5235F07C93188C79485DE59FBD422E442CC4A522EB6BD029BBFE

File Structure

Malware Configuration - QuasarRAT config.

Config. Field0	Value
VERSION	1.0.00.r6
RECONNECTDELAY	5000
PASSWORD	5EPmsqV4iTCGjx9aY3yYpBWD0IgEJpHNEP75pks
SUBFOLDER	SUB
INSTALLNAME	INSTALL
INSTALL	0
STARTUP	1
MUTEX	e4d6a6ec-320d-48ee-b6b2-fa24f03760d4
STARTUPKEY	STARTUP
HIDEFILE	1
ENABLELOGGER	1
ENCRYPTIONKEY	O2CCRlKB5V3AWlrHVKWMrr1GvKqVxXWdcx0l0s6L8fB2mavMqr
TAG	RELEASE
win7	0

Informations

Name0	Value
Info	PE Detect: PeReader OK (file layout)
Info	Authenticode present at 0xC98E00 size 25200 bytes
Module Name	libfilezilla-43.dll
Full Name	libfilezilla-43.dll
Scope Name	libfilezilla-43.dll
Scope Type	ModuleDef
Kind	Dll
Runtime Version	v4.0.30319
Tables Header Version	512
WinMD Version	<null>
Assembly Name	libfilezilla-43
Assembly Version	1.1.0.0
Assembly Culture	<null>
Has PublicKey	False
PublicKey Token	<null>
Target Framework	.NETFramework,Version=v4.8
Total Strings	617
Main Method	Not found or no body

aa9532f77eb89f50f203b5e8e010c9bd (13.23 MB)

An error has occurred. This application may no longer respond until reloaded. Reload 🗙