Malicious
Malicious

c7c677f4d824b6e894476c265f0c40f7

PE Executable
|
MD5: c7c677f4d824b6e894476c265f0c40f7
|
Size: 646.66 KB
|
application/x-dosexec

Print
Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Obfuscation Score

High

Hash
 Hash Value
MD5
c7c677f4d824b6e894476c265f0c40f7
Sha1
8b935947b5442b4afb7a0519cf8a107f2aa82e09
Sha256
940773be1f5061eb206c7bbf3030765aac7b973f5a9915c62ba893a2d97b28f2
Sha384
8e9f785ea5643401c15f8e5771cd68bb05851d39889c21e8002871acdae1eb47b6735b986cfb56974ae9b83de9054b46
Sha512
70990245db87224678a223af17d14030bc9a5c51c1593ac27641506b5ea7f8d38faae607170a1a22d5c128057e518e570decb76938b66f8e914d6c8deb17b268
SSDeep
12288:cPRb9qoSjkqjVnl36ud0zR/6CtQ9PUHIG8Dl8gSD+37PWY1Y1+f7LfN//TT34:cJ9mjkqjVnlqud+/2P+AlUDcPt1aKFHQ
TLSH
40D4122037F9864BE1BF66B898F161416676F663B623E74C1C8462FD4433741A9C33BA

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
c7c677f4d824b6e894476c265f0c40f7
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
.Net Resources
InvokedClient.InvokedClientApplication.resources
costura.costura.dll.compressed
costura.costura.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.costura.pdb.compressed
costura.costura.pdb
costura.gma.system.mousekeyhook.dll.compressed
costura.gma.system.mousekeyhook.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.newtonsoft.json.dll.compressed
costura.newtonsoft.json.dll
[Authenticode]_220cad77.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.protobuf-net.dll.compressed
costura.protobuf-net.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.system.diagnostics.diagnosticsource.dll.compressed
costura.system.diagnostics.diagnosticsource.dll
[Authenticode]_50c89911.p7b
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.invokedcommon.dll.compressed
costura.invokedcommon.dll
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
costura.metadata
ILRepack.List
Malware Configuration - QuasarRAT config.
Config. Field
 Value
Conf. AES-Salt

BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Conf. AES-Key

Version

8Xddu0CX4sRrp0qrQncvcq7iP8be1D0Mo+L9C/GPyRwCsrwRBxgkVDc1oxH0VRtu+UyZwCHWH9UPGcs1CBbMGw==
Port

aVqVFHrApWTUvIBfiuiFGeQHq/ibzf2M7zbBBxihUlTcryDKmSL00RtzC1fH0ZotWv0HVW1g2E9LUmO+FzEeteoJt7mZq2BlaKtrtFzGxxQ=
Host

aVqVFHrApWTUvIBfiuiFGeQHq/ibzf2M7zbBBxihUlTcryDKmSL00RtzC1fH0ZotWv0HVW1g2E9LUmO+FzEeteoJt7mZq2BlaKtrtFzGxxQ=
ReconnectDelay

3000
Key

9EO5O1t/YS9tCoTQz5dtXxdfKkPWCJAYd7/d5UvHOzUKElZ1XtbCNXlUJz6h32HUbV57QJMUjLzH9vgQb21Xuw==
SubDirectory

CVM8thWz/MGoPqpslxEZs1ZaK8oSMSOnYAYGsT85e6gobsCWKIyaLuLAt6JVHAcSWnHeTSvfJnAoSsg7OGBfWw==
InstallName

1
Install

1
Startup

Tyw5pTpsz3l3FSR5FNFL9CQhQZYfo9dN0pHqF6osW3janfQ+e5UuoEcjIBt14po/69NnNoU/jQwbe4D9areevI+QI5gtdx9Odcqsld+D12t/cKH0U8eYEvOCrHVYS0u3
Mutex

DroFQGDb0xm/kGVM6+WwDyB02YwNJlMexFEzGrlpEhIc1EN+r1O41/DvqGVc0XbRfeABNfhM/0fK1FQqltdF5w==
StartupKey

1
HideFile

1
EnableLogger

6351234662461217B8B3178BD777B2DFFE766EAD
EncryptionKey

eoqahdEeEkEyyhAp95l4EToeImnBwlpkOZL4vQxtakjIfqRW2r0zw/9tOEY7Hl5Ri0NX4tqtNMYSj/37Bf+h1w==
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

Client
Full Name

Client
EntryPoint

System.Void 弱᱅炰婜标ꭾᮬ䐰⋭拒ᔭ忉畄ᦂဣ頕㵏隟斧娴::Main()
Scope Name

Client
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Client
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.8
Total Strings

613
Main Method

System.Void 弱᱅炰婜标ꭾᮬ䐰⋭拒ᔭ忉畄ᦂဣ頕㵏隟斧娴::Main()
Main IL Instruction Count

21
Main IL

call System.Boolean 弱᱅炰婜标ꭾᮬ䐰⋭拒ᔭ忉畄ᦂဣ頕㵏隟斧娴::囅皨䫵ꂺ磷�歝뙩㫡搩铜댣葑馦肗갊ꯇ섳() pop <null> ldc.i4 3072 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldc.i4.2 <null> call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode) ldnull <null> ldftn System.Void 弱᱅炰婜标ꭾᮬ䐰⋭拒ᔭ忉畄ᦂဣ頕㵏隟斧娴::⭗澍梭骹�館킦飉꜎︃哬얅஀鮠䀘돨቗啡(System.Object,System.Threading.ThreadExceptionEventArgs) newobj System.Void System.Threading.ThreadExceptionEventHandler::.ctor(System.Object,System.IntPtr) call System.Void System.Windows.Forms.Application::add_ThreadException(System.Threading.ThreadExceptionEventHandler) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void 弱᱅炰婜标ꭾᮬ䐰⋭拒ᔭ忉畄ᦂဣ頕㵏隟斧娴::ﴑ䲗奿㠊읶৆⑲﹑ꗼ欋㲟惛﹊뢿儒ⶆ礚(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void 䈕糧ퟅ昫䅙貯鼯븄ᑘꎋ尀㿧쪟ࣉⱷ::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Module Name

Client
Full Name

Client
EntryPoint

System.Void 弱᱅炰婜标ꭾᮬ䐰⋭拒ᔭ忉畄ᦂဣ頕㵏隟斧娴::Main()
Scope Name

Client
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v4.0.30319
Tables Header Version

512
WinMD Version

<null>
Assembly Name

Client
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

.NETFramework,Version=v4.8
Total Strings

613
Main Method

System.Void 弱᱅炰婜标ꭾᮬ䐰⋭拒ᔭ忉畄ᦂဣ頕㵏隟斧娴::Main()
Main IL Instruction Count

21
Main IL

call System.Boolean 弱᱅炰婜标ꭾᮬ䐰⋭拒ᔭ忉畄ᦂဣ頕㵏隟斧娴::囅皨䫵ꂺ磷�歝뙩㫡搩铜댣葑馦肗갊ꯇ섳() pop <null> ldc.i4 3072 call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType) ldc.i4.2 <null> call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode) ldnull <null> ldftn System.Void 弱᱅炰婜标ꭾᮬ䐰⋭拒ᔭ忉畄ᦂဣ頕㵏隟斧娴::⭗澍梭骹�館킦飉꜎︃哬얅஀鮠䀘돨቗啡(System.Object,System.Threading.ThreadExceptionEventArgs) newobj System.Void System.Threading.ThreadExceptionEventHandler::.ctor(System.Object,System.IntPtr) call System.Void System.Windows.Forms.Application::add_ThreadException(System.Threading.ThreadExceptionEventHandler) call System.AppDomain System.AppDomain::get_CurrentDomain() ldnull <null> ldftn System.Void 弱᱅炰婜标ꭾᮬ䐰⋭拒ᔭ忉畄ᦂဣ頕㵏隟斧娴::ﴑ䲗奿㠊읶৆⑲﹑ꗼ欋㲟惛﹊뢿儒ⶆ礚(System.Object,System.UnhandledExceptionEventArgs) newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr) callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler) call System.Void System.Windows.Forms.Application::EnableVisualStyles() ldc.i4.0 <null> call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean) newobj System.Void 䈕糧ퟅ昫䅙貯鼯븄ᑘꎋ尀㿧쪟ࣉⱷ::.ctor() call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form) ret <null>
Artefacts
Name
 Value
CnC

aVqVFHrApWTUvIBfiuiFGeQHq/ibzf2M7zbBBxihUlTcryDKmSL00RtzC1fH0ZotWv0HVW1g2E9LUmO+FzEeteoJt7mZq2BlaKtrtFzGxxQ=
Port

aVqVFHrApWTUvIBfiuiFGeQHq/ibzf2M7zbBBxihUlTcryDKmSL00RtzC1fH0ZotWv0HVW1g2E9LUmO+FzEeteoJt7mZq2BlaKtrtFzGxxQ=
c7c677f4d824b6e894476c265f0c40f7 (646.66 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙