b65f70b2181be52f792520cf30325763

PE Executable
|
MD5: b65f70b2181be52f792520cf30325763
|
Size: 356.35 KB
|
application/x-dosexec

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	b65f70b2181be52f792520cf30325763
Sha1	24e11166c17a825c054a44ab50b0e27ee2c02d49
Sha256	4090ddde1d1ffb846bd2acf0e0f6b355ea151e0b38c33f029049ac6e93919043
Sha384	2083ade4e65d68e8f38c01d25cee53b0865bd493703cc7d30a0babf58d2df486cf88f6c010a9993e8fd9b2cda7e487aa
Sha512	0efc66423c21c8dd589567a4384d8f4a3ac732817cb8c7ed438d13ab8bf4baa9be6c59bd7a7c7c3f9ad7e9d640b929520aad015d503bb99184f86c171a2adb99
SSDeep	6144:Ul6bPXhLApfpZrhD9aEWDnYb7HN739QbY+TdoPFzW6:ImhApLhD9aHn0t7AY+TdoPFzW6
TLSH	68748C1377A8E93FD1FD073AF43246164BB1D447BA26E3AB5A5855B82C133868D423B3

PeID

.NET executable

Microsoft Visual C# / Basic .NET

Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL

Microsoft Visual C# v7.0 / Basic .NET

Microsoft Visual Studio .NET

File Structure

Malware Configuration - QuasarRAT config.

Config. Field0	Value
Conf. AES-Salt	BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Conf. AES-Key	4wOduOEBgt4bye27UI22
Version	1.3.0.0
Port	1
Host	45.141.151.174
ReconnectDelay	3000
Key	1WvgEMPjdwfqIMeM9MclyQ==
AuthKey	NcFtjbDOcsw7Evd3coMC0y4koy/SRZGydhNmno81ZOWOvdfg7sv0Cj5ad2ROUfX4QMscAIjYJdjrrs41+qcQwg==
SubDirectory	SubDir
InstallName	Client.exe
Install	0
Startup	0
Mutex	QSR_MUTEX_wjC6eY
StartupKey	WindowsKoruma
HideFile	0
EnableLogger	1
Tag	Office04
LogDirectory	Logs
HideLogDirectory	0
HideLogSubdirectory	0

Informations

Name0	Value
Module Name	Client.exe
Full Name	Client.exe
EntryPoint	System.Void �匇捇㦓ಾ矜⪕بꠇ処몫蠏⊔ᇩ䨮硊�Ꮜ䏩::Main(System.String[])
Scope Name	Client.exe
Scope Type	ModuleDef
Kind	Windows
Runtime Version	v4.0.30319
Tables Header Version	512
WinMD Version	<null>
Assembly Name	Client
Assembly Version	1.3.0.0
Assembly Culture	<null>
Has PublicKey	False
PublicKey Token	<null>
Target Framework	.NETFramework,Version=v4.0,Profile=Client
Total Strings	896
Main Method	System.Void �匇捇㦓ಾ矜⪕بꠇ処몫蠏⊔ᇩ䨮硊�Ꮜ䏩::Main(System.String[])
Main IL Instruction Count	19
Main IL	call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void �匇捇㦓ಾ矜⪕بꠇ処몫蠏⊔ᇩ䨮硊�Ꮜ䏩::弃ﬧ塲≞歇ᤪꏺ㔕渋ࢊ䓙燀�䊼ﺱ啭ỽ⟠뵟(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Boolean 훒㎁⟐諮鼳씧豾礅�᫉灌㟝ჭ湆绬꠯ꝅ︮::률㚯Ϻ겪鍖犡ߋ즿롙랚਻葿꧔⦄?遤˘() brfalse.s IL_0040: call System.Void �匇捇㦓ಾ矜⪕بꠇ処몫蠏⊔ᇩ䨮硊�Ꮜ䏩::糄杕鐴횹閭毕紗爱䴺ⶦ꿼⮂﫬갽⽐鷱䛰홧Ắ() call System.Boolean �匇捇㦓ಾ矜⪕بꠇ処몫蠏⊔ᇩ䨮硊�Ꮜ䏩::顆䤺⪺켡쀳ክ๲虸텄倬㴘窭㍜룅诵㺤壓() brfalse.s IL_0040: call System.Void �匇捇㦓ಾ矜⪕بꠇ処몫蠏⊔ᇩ䨮硊�Ꮜ䏩::糄杕鐴횹閭毕紗爱䴺ⶦ꿼⮂﫬갽⽐鷱䛰홧Ắ() call System.Boolean 텵⁝푲뾈詜ᢞ搮殺Ⓧ봃䦥ㄺ견풼㗽蟮䠷抏襫::get_Exiting() brtrue.s IL_0040: call System.Void �匇捇㦓ಾ矜⪕بꠇ処몫蠏⊔ᇩ䨮硊�Ꮜ䏩::糄杕鐴횹閭毕紗爱䴺ⶦ꿼⮂﫬갽⽐鷱䛰홧Ắ() ldsfld 텵⁝푲뾈詜ᢞ搮殺Ⓧ봃䦥ㄺ견풼㗽蟮䠷抏襫 �匇捇㦓ಾ矜⪕بꠇ処몫蠏⊔ᇩ䨮硊�Ꮜ䏩::녪䙯扼Ώ덀࡯䬛턞뱦陶�媸㎞釄쎉ꤖឋ callvirt System.Void 텵⁝푲뾈詜ᢞ搮殺Ⓧ봃䦥ㄺ견풼㗽蟮䠷抏襫::ꕩ⫫鯰蔮驽ậ裑鳿픃㗸ٔ諿傠흣㏦㋱�() call System.Void �匇捇㦓ಾ矜⪕بꠇ処몫蠏⊔ᇩ䨮硊�Ꮜ䏩::糄杕鐴횹閭毕紗爱䴺ⶦ꿼⮂﫬갽⽐鷱䛰홧Ắ() call System.Void �匇捇㦓ಾ矜⪕بꠇ処몫蠏⊔ᇩ䨮硊�Ꮜ䏩::誁�Ꮍ蛵ڠ䆞迵ﰠ걿룼奶捋늉姰ꅔᵵᆕ㷁璵() ret <null>
Module Name	Client.exe
Full Name	Client.exe
EntryPoint	System.Void �匇捇㦓ಾ矜⪕بꠇ処몫蠏⊔ᇩ䨮硊�Ꮜ䏩::Main(System.String[])
Scope Name	Client.exe
Scope Type	ModuleDef
Kind	Windows
Runtime Version	v4.0.30319
Tables Header Version	512
WinMD Version	<null>
Assembly Name	Client
Assembly Version	1.3.0.0
Assembly Culture	<null>
Has PublicKey	False
PublicKey Token	<null>
Target Framework	.NETFramework,Version=v4.0,Profile=Client
Total Strings	896
Main Method	System.Void �匇捇㦓ಾ矜⪕بꠇ処몫蠏⊔ᇩ䨮硊�Ꮜ䏩::Main(System.String[])
Main IL Instruction Count	19
Main IL	call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void �匇捇㦓ಾ矜⪕بꠇ処몫蠏⊔ᇩ䨮硊�Ꮜ䏩::弃ﬧ塲≞歇ᤪꏺ㔕渋ࢊ䓙燀�䊼ﺱ啭ỽ⟠뵟(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Boolean 훒㎁⟐諮鼳씧豾礅�᫉灌㟝ჭ湆绬꠯ꝅ︮::률㚯Ϻ겪鍖犡ߋ즿롙랚਻葿꧔⦄?遤˘() brfalse.s IL_0040: call System.Void �匇捇㦓ಾ矜⪕بꠇ処몫蠏⊔ᇩ䨮硊�Ꮜ䏩::糄杕鐴횹閭毕紗爱䴺ⶦ꿼⮂﫬갽⽐鷱䛰홧Ắ() call System.Boolean �匇捇㦓ಾ矜⪕بꠇ処몫蠏⊔ᇩ䨮硊�Ꮜ䏩::顆䤺⪺켡쀳ክ๲虸텄倬㴘窭㍜룅诵㺤壓() brfalse.s IL_0040: call System.Void �匇捇㦓ಾ矜⪕بꠇ処몫蠏⊔ᇩ䨮硊�Ꮜ䏩::糄杕鐴횹閭毕紗爱䴺ⶦ꿼⮂﫬갽⽐鷱䛰홧Ắ() call System.Boolean 텵⁝푲뾈詜ᢞ搮殺Ⓧ봃䦥ㄺ견풼㗽蟮䠷抏襫::get_Exiting() brtrue.s IL_0040: call System.Void �匇捇㦓ಾ矜⪕بꠇ処몫蠏⊔ᇩ䨮硊�Ꮜ䏩::糄杕鐴횹閭毕紗爱䴺ⶦ꿼⮂﫬갽⽐鷱䛰홧Ắ() ldsfld 텵⁝푲뾈詜ᢞ搮殺Ⓧ봃䦥ㄺ견풼㗽蟮䠷抏襫 �匇捇㦓ಾ矜⪕بꠇ処몫蠏⊔ᇩ䨮硊�Ꮜ䏩::녪䙯扼Ώ덀࡯䬛턞뱦陶�媸㎞釄쎉ꤖឋ callvirt System.Void 텵⁝푲뾈詜ᢞ搮殺Ⓧ봃䦥ㄺ견풼㗽蟮䠷抏襫::ꕩ⫫鯰蔮驽ậ裑鳿픃㗸ٔ諿傠흣㏦㋱�() call System.Void �匇捇㦓ಾ矜⪕بꠇ処몫蠏⊔ᇩ䨮硊�Ꮜ䏩::糄杕鐴횹閭毕紗爱䴺ⶦ꿼⮂﫬갽⽐鷱䛰홧Ắ() call System.Void �匇捇㦓ಾ矜⪕بꠇ処몫蠏⊔ᇩ䨮硊�Ꮜ䏩::誁�Ꮍ蛵ڠ䆞迵ﰠ걿룼奶捋늉姰ꅔᵵᆕ㷁璵() ret <null>

Artefacts

Name0	Value
CnC	45.141.151.174
Port	1

b65f70b2181be52f792520cf30325763 (356.35 KB)