c7b5a111744b16106c9120ebf726e982
PE Executable | MD5: c7b5a111744b16106c9120ebf726e982 | Size: 356.86 KB | application/x-dosexec
Symbol Ofbuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | c7b5a111744b16106c9120ebf726e982
|
| Sha1 | a77d5d5f20e48eb05fc9051be4e643e19cb86ebd
|
| Sha256 | 268501cbc4704142a83673aab0b20dc7b8bf9221b70f0e7bbb42f072ed341e7a
|
| Sha384 | d7c11e41dfc29de44ec559da9575833fc73640f4df7065571638ba554162293b7f1431ad79daa0bb9ab59c7fc5a67d2a
|
| Sha512 | 5eff9b6fe4c8e23fdb8d24787235a32be0fbdb5537037088e48127a3a30260a73371de042f68b73ac21e93affc2536b3d52982210199e5b23fa5c27550f47f28
|
| SSDeep | 6144:Q2+EMJ1kbrTzS+QbZVuZV3zbOBUciMAFRzeI5GgFuj:fS1ki+RcRiMspeQGgFs
|
| TLSH | E6746B2373A4A93BD1BD173AE43206056BF4D507BB16E38B5A6845BC6D233828D917F3
|
PeID
|
Config. Field0 | Value |
|---|---|
| Conf. AES-Salt | BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41 |
| Conf. AES-Key | EQ989DgkPSn9nR6JdT1p |
| Conf. AES-Salt | BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41 |
| Port | jul5050quasaf.duckdns. |
| Host | jul5050quasaf.duckdns. |
| Conf. AES-Key | EQ989DgkPSn9nR6JdT1p |
| Conf. AES-Salt | BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41 |
| Port | 5050 |
| Host | jul5050quasae.duckdns.org |
| Conf. AES-Key | EQ989DgkPSn9nR6JdT1p |
| Conf. AES-Salt | BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41 |
| Port | 5050 |
| Host | jul5050quasad.duckdns.org |
| Conf. AES-Key | EQ989DgkPSn9nR6JdT1p |
| Conf. AES-Salt | BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41 |
| Port | 5050 |
| Host | jul5050quasac.duckdns.org |
| Conf. AES-Key | EQ989DgkPSn9nR6JdT1p |
| Conf. AES-Salt | BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41 |
| Port | 5050 |
| Host | jul5050quasab.duckdns.org |
| Conf. AES-Key | EQ989DgkPSn9nR6JdT1p |
| Version | 1.3.0.0 |
| Port | 5050 |
| Host | jul5050quasa.duckdns.org |
| ReconnectDelay | 3000 |
| Key | 1WvgEMPjdwfqIMeM9MclyQ== |
| AuthKey | NcFtjbDOcsw7Evd3coMC0y4koy/SRZGydhNmno81ZOWOvdfg7sv0Cj5ad2ROUfX4QMscAIjYJdjrrs41+qcQwg== |
| SubDirectory | SubDir |
| InstallName | Client.exe |
| Install | 0 |
| Startup | 0 |
| Mutex | QSR_MUTEX_HAw6Lh |
| StartupKey | Quasar Client St |
| HideFile | 0 |
| EnableLogger | 1 |
| Tag | Office04 |
| LogDirectory | Logs |
| HideLogDirectory | 0 |
| HideLogSubdirectory | 0 |
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | Client.exe |
| Full Name | Client.exe |
| EntryPoint | System.Void 둨쨾ợ垷⮳郄尨퇒镼鹲櫸籾繈ﻴ凜::Main(System.String[]) |
| Scope Name | Client.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Client |
| Assembly Version | 1.3.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 896 |
| Main Method | System.Void 둨쨾ợ垷⮳郄尨퇒镼鹲櫸籾繈ﻴ凜::Main(System.String[]) |
| Main IL Instruction Count | 19 |
| Main IL | call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void 둨쨾ợ垷⮳郄尨퇒镼鹲櫸籾繈ﻴ凜::易쒉늮蠃ℂ鯯汊弮易嵩雚偆�⣊䧜(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Boolean �貇퍖庯멬ꂾ뉜礫渰䙮穛푑㨶㞣穉岆됽䃕::䯱脍硚౺�欳䀅זּ낎칪뮀Ꜯ錱–㝠黧۽() brfalse.s IL_0040: call System.Void 둨쨾ợ垷⮳郄尨퇒镼鹲櫸籾繈ﻴ凜::鯎ᘼ짾砲粊쾐ꤧ졭ﲭ悬坖뤽돫㹾䆲騃횂() call System.Boolean 둨쨾ợ垷⮳郄尨퇒镼鹲櫸籾繈ﻴ凜::輄乑勰畲㔩킟챎ᯏ䅂팺亝꡶恵鍟ά乥ꚿ렝() brfalse.s IL_0040: call System.Void 둨쨾ợ垷⮳郄尨퇒镼鹲櫸籾繈ﻴ凜::鯎ᘼ짾砲粊쾐ꤧ졭ﲭ悬坖뤽돫㹾䆲騃횂() call System.Boolean 蛁䩿끗촙䊵�턯櫡띳녚㠺醳睢ꉍ╴䮣ṹ붋::get_Exiting() brtrue.s IL_0040: call System.Void 둨쨾ợ垷⮳郄尨퇒镼鹲櫸籾繈ﻴ凜::鯎ᘼ짾砲粊쾐ꤧ졭ﲭ悬坖뤽돫㹾䆲騃횂() ldsfld 蛁䩿끗촙䊵�턯櫡띳녚㠺醳睢ꉍ╴䮣ṹ붋 둨쨾ợ垷⮳郄尨퇒镼鹲櫸籾繈ﻴ凜::땿ሩ䪭踌饼毌䫈눛鬄沉庸㧆崮衡쇳᭱ callvirt System.Void 蛁䩿끗촙䊵�턯櫡띳녚㠺醳睢ꉍ╴䮣ṹ붋::⯮䆑�瀐禭筰ꂠ࣎팈攌⧏풨ꛌΏ㎽띶꤈() call System.Void 둨쨾ợ垷⮳郄尨퇒镼鹲櫸籾繈ﻴ凜::鯎ᘼ짾砲粊쾐ꤧ졭ﲭ悬坖뤽돫㹾䆲騃횂() call System.Void 둨쨾ợ垷⮳郄尨퇒镼鹲櫸籾繈ﻴ凜::⑴잼鹝釋崼⮥ꀴ붼ࠝ╕⺠㴆긘粞囎爫퀉ɯ毐() ret <null> |
| Module Name | Client.exe |
| Full Name | Client.exe |
| EntryPoint | System.Void 둨쨾ợ垷⮳郄尨퇒镼鹲櫸籾繈ﻴ凜::Main(System.String[]) |
| Scope Name | Client.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | Client |
| Assembly Version | 1.3.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 896 |
| Main Method | System.Void 둨쨾ợ垷⮳郄尨퇒镼鹲櫸籾繈ﻴ凜::Main(System.String[]) |
| Main IL Instruction Count | 19 |
| Main IL | call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void 둨쨾ợ垷⮳郄尨퇒镼鹲櫸籾繈ﻴ凜::易쒉늮蠃ℂ鯯汊弮易嵩雚偆�⣊䧜(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Boolean �貇퍖庯멬ꂾ뉜礫渰䙮穛푑㨶㞣穉岆됽䃕::䯱脍硚౺�欳䀅זּ낎칪뮀Ꜯ錱–㝠黧۽() brfalse.s IL_0040: call System.Void 둨쨾ợ垷⮳郄尨퇒镼鹲櫸籾繈ﻴ凜::鯎ᘼ짾砲粊쾐ꤧ졭ﲭ悬坖뤽돫㹾䆲騃횂() call System.Boolean 둨쨾ợ垷⮳郄尨퇒镼鹲櫸籾繈ﻴ凜::輄乑勰畲㔩킟챎ᯏ䅂팺亝꡶恵鍟ά乥ꚿ렝() brfalse.s IL_0040: call System.Void 둨쨾ợ垷⮳郄尨퇒镼鹲櫸籾繈ﻴ凜::鯎ᘼ짾砲粊쾐ꤧ졭ﲭ悬坖뤽돫㹾䆲騃횂() call System.Boolean 蛁䩿끗촙䊵�턯櫡띳녚㠺醳睢ꉍ╴䮣ṹ붋::get_Exiting() brtrue.s IL_0040: call System.Void 둨쨾ợ垷⮳郄尨퇒镼鹲櫸籾繈ﻴ凜::鯎ᘼ짾砲粊쾐ꤧ졭ﲭ悬坖뤽돫㹾䆲騃횂() ldsfld 蛁䩿끗촙䊵�턯櫡띳녚㠺醳睢ꉍ╴䮣ṹ붋 둨쨾ợ垷⮳郄尨퇒镼鹲櫸籾繈ﻴ凜::땿ሩ䪭踌饼毌䫈눛鬄沉庸㧆崮衡쇳᭱ callvirt System.Void 蛁䩿끗촙䊵�턯櫡띳녚㠺醳睢ꉍ╴䮣ṹ붋::⯮䆑�瀐禭筰ꂠ࣎팈攌⧏풨ꛌΏ㎽띶꤈() call System.Void 둨쨾ợ垷⮳郄尨퇒镼鹲櫸籾繈ﻴ凜::鯎ᘼ짾砲粊쾐ꤧ졭ﲭ悬坖뤽돫㹾䆲騃횂() call System.Void 둨쨾ợ垷⮳郄尨퇒镼鹲櫸籾繈ﻴ凜::⑴잼鹝釋崼⮥ꀴ붼ࠝ╕⺠㴆긘粞囎爫퀉ɯ毐() ret <null> |
|
Name0 | Value |
|---|---|
| CnC | jul5050quasa.duckdns.org |
| Port | 5050 |
| CnC | jul5050quasab.duckdns.org |
| CnC | jul5050quasac.duckdns.org |
| CnC | jul5050quasad.duckdns.org |
| CnC | jul5050quasae.duckdns.org |
| CnC | jul5050quasaf.duckdns. |
| Port | jul5050quasaf.duckdns. |
|
Config. Field0 | Value |
|---|---|
| Conf. AES-Salt | BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41 |
| Conf. AES-Key | EQ989DgkPSn9nR6JdT1p |
| Conf. AES-Salt | BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41 |
| Port | jul5050quasaf.duckdns. |
| Host | jul5050quasaf.duckdns. |
| Conf. AES-Key | EQ989DgkPSn9nR6JdT1p |
| Conf. AES-Salt | BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41 |
| Port | 5050 |
| Host | jul5050quasae.duckdns.org |
| Conf. AES-Key | EQ989DgkPSn9nR6JdT1p |
| Conf. AES-Salt | BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41 |
| Port | 5050 |
| Host | jul5050quasad.duckdns.org |
| Conf. AES-Key | EQ989DgkPSn9nR6JdT1p |
| Conf. AES-Salt | BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41 |
| Port | 5050 |
| Host | jul5050quasac.duckdns.org |
| Conf. AES-Key | EQ989DgkPSn9nR6JdT1p |
| Conf. AES-Salt | BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41 |
| Port | 5050 |
| Host | jul5050quasab.duckdns.org |
| Conf. AES-Key | EQ989DgkPSn9nR6JdT1p |
| Version | 1.3.0.0 |
| Port | 5050 |
| Host | jul5050quasa.duckdns.org |
| ReconnectDelay | 3000 |
| Key | 1WvgEMPjdwfqIMeM9MclyQ== |
| AuthKey | NcFtjbDOcsw7Evd3coMC0y4koy/SRZGydhNmno81ZOWOvdfg7sv0Cj5ad2ROUfX4QMscAIjYJdjrrs41+qcQwg== |
| SubDirectory | SubDir |
| InstallName | Client.exe |
| Install | 0 |
| Startup | 0 |
| Mutex | QSR_MUTEX_HAw6Lh |
| StartupKey | Quasar Client St |
| HideFile | 0 |
| EnableLogger | 1 |
| Tag | Office04 |
| LogDirectory | Logs |
| HideLogDirectory | 0 |
| HideLogSubdirectory | 0 |
|
Name0 | Value | Location |
|---|---|---|
| CnC | jul5050quasa.duckdns.org Malicious |
c7b5a111744b16106c9120ebf726e982 |
| Port | 5050 Malicious |
c7b5a111744b16106c9120ebf726e982 |
| CnC | jul5050quasab.duckdns.org Malicious |
c7b5a111744b16106c9120ebf726e982 |
| CnC | jul5050quasac.duckdns.org Malicious |
c7b5a111744b16106c9120ebf726e982 |
| CnC | jul5050quasad.duckdns.org Malicious |
c7b5a111744b16106c9120ebf726e982 |
| CnC | jul5050quasae.duckdns.org Malicious |
c7b5a111744b16106c9120ebf726e982 |
| CnC | jul5050quasaf.duckdns. Malicious |
c7b5a111744b16106c9120ebf726e982 |
| Port | jul5050quasaf.duckdns. Malicious |
c7b5a111744b16106c9120ebf726e982 |