Malicious

dc104d73061e9885e79df21521cb6e17

PE Executable | MD5: dc104d73061e9885e79df21521cb6e17 | Size: 514.05 KB | application/x-dosexec

Characteristics

Hashes
  MD5:    dc104d73061e9885e79df21521cb6e17
  SHA1:   a155128f728206ab6a2d1a521cb8ae8353ce8e4d
  SHA256: 0ae8c5022567fc8588fdc2fbf27d1d245f7e9bb15a23cb8a01962be6b51cb73c
  SHA384: 8ae0d933c67abd6a4f4b611cd9100c861ed9bbcf1bc5a9169db84b98e19ce17f56ab5da22750ae9de96ea2ce86f87d81
  SHA512: e87b68eb7ef19b0ea11bcfa6c9ca935b6ff2cc5b34eaea5ba4471d0d289f86f78826a2f7f0fce132c35e4f4d16cc3accc8ff599fc6cf503fe19007da4cc6e005
  SSDeep: 6144:cTEgdc0Y5XAGbgiIN2RSBEWEdTEDfKMDkQfocEjOb8F9dC0aUpVDaWjDaGcTR3xE:cTEgdfYVbgnDDkzprhFpVGWPaGcd+
  TLSH:   60B46C4063F8862BE1AF577AE871042597F4F407B2ABEF4F4A40A1F92D66706AD40773

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
  Resources
    RT_VERSION
      ID:0001
        ID:0
    RT_MANIFEST
      ID:0001
        ID:0
Malware Configuration - QuasarRAT config.

  Conf. AES-Salt:       BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
  Conf. AES-Key:        677BA3CA93A14ED21921E76CDFAADEF9D4E79629
  Version:              1.4.0
  Port:
  Host:                 222.253.182.185
  ReconnectDelay:       3000
  SubDirectory:         WinRaRR
  InstallName:          RuntimeBroker.ex
  Install:              1
  Startup:              1
  Mutex:                7e77dc12-5e6b-4d71-9bcb-d387cb16
  StartupKey:           Realtek
  HideFile:             1
  EnableLogger:         1
  Tag:                  BACKUP36
  LogDirectory:         dControlsS
  ServerSignature:
  ServerCertificate:
  HideLogDirectory:     1
  HideLogSubdirectory:  1
  UnattendedMod:        1
Information

  Info:                      PE Detect: PeReader OK (file layout)
  Module Name:               Client
  Full Name:                 Client
  EntryPoint:                System.Void 础蓡蘡꩙ᡜ뉦腀蹔뗲猠苺펷䱟蔭딳�팞뗡::Main(System.String[])
  Scope Name:                Client
  Scope Type:                ModuleDef
  Kind:                      Windows
  Runtime Version:           v4.0.30319
  Tables Header Version:     512
  WinMD Version:             <null>
  Assembly Name:             Client
  Assembly Version:          1.4.0.0
  Assembly Culture:          <null>
  Has PublicKey:             False
  PublicKey Token:           <null>
  Target Framework:          .NETFramework,Version=v4.5.2
  Total Strings:             1552
  Main Method:               System.Void 础蓡蘡꩙ᡜ뉦腀蹔뗲猠苺펷䱟蔭딳�팞뗡::Main(System.String[])
  Main IL Instruction Count: 19

Main IL (one instruction per line):
  ldc.i4 3072
  call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType)
  ldc.i4.2 <null>
  call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode)
  ldnull <null>
  ldftn System.Void 础蓡蘡꩙ᡜ뉦腀蹔뗲猠苺펷䱟蔭딳�팞뗡::焧׉閰⻣⥞켹耑椊삚ꯅ¸쿚㙪伪㏉욺(System.Object,System.Threading.ThreadExceptionEventArgs)
  newobj System.Void System.Threading.ThreadExceptionEventHandler::.ctor(System.Object,System.IntPtr)
  call System.Void System.Windows.Forms.Application::add_ThreadException(System.Threading.ThreadExceptionEventHandler)
  call System.AppDomain System.AppDomain::get_CurrentDomain()
  ldnull <null>
  ldftn System.Void 础蓡蘡꩙ᡜ뉦腀蹔뗲猠苺펷䱟蔭딳�팞뗡::躑譿濭咎⏢黛챂뤒뵽瘟䐐镜マ�憹툪嬲ꉡ(System.Object,System.UnhandledExceptionEventArgs)
  newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr)
  callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler)
  call System.Void System.Windows.Forms.Application::EnableVisualStyles()
  ldc.i4.0 <null>
  call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean)
  newobj System.Void 秂릊鄍졊ꑝ촸锧괪䀑ǽ립╜ॅ뒧涚::.ctor()
  call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
  ret <null>


Artefacts

  Name  Value            Location
  CnC   222.253.182.185  dc104d73061e9885e79df21521cb6e17 (Malicious)
  Port                   dc104d73061e9885e79df21521cb6e17 (Malicious)
