Malicious

dcbab6425d2251467b58f7366d91661f

PE Executable | MD5: dcbab6425d2251467b58f7366d91661f | Size: 745.48 KB | application/x-dosexec


Characteristics
MD5: dcbab6425d2251467b58f7366d91661f
Sha1: d30cd8e7359ceb0591f99ee97c77e728ccbe188c
Sha256: 6123c6c12666929b8b06a3b9e62939dc11a9bc5b1a52b6d1cf645c71736aee65
Sha384: a4619c70b76967757a7a3687a4799886a816f7e0c145219ba30d68d63860365f4594e4e38d8811ee7e299476f5579dfb
Sha512: f7e4113b24a940ab574f113fdaa88ca0e7030bd5bef23a3683b38524d65af01f174f286e35d086ad83fdf8fb4b007c86ae97790148f46b4b237efda516026e56
SSDeep: 12288:XMcjA/VYbLEiv9w/mBtLN+wEIkiq+sIkTpB8LQ:XMcgynEseyEwWD3pB8LQ
TLSH: FDF46C4033E8D65BE5AE1775E4B0092507F5E107BA62FB9F4A40B1F93C63B826D817A3

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
Malware Configuration - QuasarRAT config.
Conf. AES-Salt: BF-EB-1E-56-FB-CD-97-3B-B2-19-02-24-30-A5-78-43-00-3D-56-44-D2-1E-62-B9-D4-F1-80-E7-E6-C3-39-41
Conf. AES-Key: D2973F3069489602440049C54C37809627555190
Version: 1.7.1
Port: YovngMandaYNoTu-43886.portmap.ho
Host: YovngMandaYNoTu-43886.portmap.ho
ReconnectDelay: 3000
Key: SubDir
SubDirectory: Client.exe
InstallName: 0
Install: 0
Startup: f1856190-4737-4006-8a08-1cae73fe
Mutex: Quasar Modded Cl
StartupKey: 0
HideFile: 0
EnableLogger: victims01
EncryptionKey: Logs

Malware Configuration - AsyncRAT config.
Key (AES_256): -
Pastebin: -
ServerSignature: fIPDA/HBP4hzBjUAyqNOO2Qy4g0nujq5fHwaURzwR+udfD7afG4JVzfqOZW1CoxTymSe5zg3vOACmSZs3BEJ4jE+HQQt5kyd5YvYbpwYEMoBbQuLVrux3IH9w1FX1ZTo
Install File: SbieDll.dll
Mutex: cmdvrt32.dll
Group: cmdvrt64.dll

Informations
Info: PE Detect: PeReader FAIL, AsmResolver Mapped OK
Info: Remap: Mapped -> FileLayout (RAM only) as [Rebuild from dump]_e0699fa9.exe
Module Name: Client
Full Name: Client
EntryPoint: System.Void yhmrkitgwiwmffbmaorv.ヂ賣֭䢷㝾ᅲ੘ώ몇嗠㠦㖡ˆꯤ湩숿䦯::Main(System.String[])
Scope Name: Client
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: Client
Assembly Version: 1.7.1.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: .NETFramework,Version=v4.8
Total Strings: 1957
Main Method: System.Void yhmrkitgwiwmffbmaorv.ヂ賣֭䢷㝾ᅲ੘ώ몇嗠㠦㖡ˆꯤ湩숿䦯::Main(System.String[])
Main IL Instruction Count: 20
Main IL:
    ldc.i4 3072
    call System.Void System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType)
    ldc.i4.2 <null>
    call System.Void System.Windows.Forms.Application::SetUnhandledExceptionMode(System.Windows.Forms.UnhandledExceptionMode)
    ldnull <null>
    ldftn System.Void yhmrkitgwiwmffbmaorv.ヂ賣֭䢷㝾ᅲ੘ώ몇嗠㠦㖡ˆꯤ湩숿䦯::䘏뒼핵慘톢䆫嵏籴罅ᦤ篐좔ࡰ暗䲌ᱽⱓ驆螷奈(System.Object,System.Threading.ThreadExceptionEventArgs)
    newobj System.Void System.Threading.ThreadExceptionEventHandler::.ctor(System.Object,System.IntPtr)
    call System.Void System.Windows.Forms.Application::add_ThreadException(System.Threading.ThreadExceptionEventHandler)
    call System.AppDomain System.AppDomain::get_CurrentDomain()
    ldnull <null>
    ldftn System.Void yhmrkitgwiwmffbmaorv.ヂ賣֭䢷㝾ᅲ੘ώ몇嗠㠦㖡ˆꯤ湩숿䦯::㒸춖쇤锍궣籈λ苺쁩뺰꬙㢁쓈啿㗾ዬ곺킨卙跃(System.Object,System.UnhandledExceptionEventArgs)
    newobj System.Void System.UnhandledExceptionEventHandler::.ctor(System.Object,System.IntPtr)
    callvirt System.Void System.AppDomain::add_UnhandledException(System.UnhandledExceptionEventHandler)
    call System.Void System.Windows.Forms.Application::EnableVisualStyles()
    ldc.i4.0 <null>
    call System.Void System.Windows.Forms.Application::SetCompatibleTextRenderingDefault(System.Boolean)
    call System.Void yhmrkitgwiwmffbmaorv.ヂ賣֭䢷㝾ᅲ੘ώ몇嗠㠦㖡ˆꯤ湩숿䦯::령㝯곂蒜騲ᰠꄕ總਋癝᰽蓻훞꽂ꇯ改ṧ()
    newobj System.Void yhmrkitgwiwmffbmaorv.ﴯ䒞ꑇ軨괸脁㌪뽊⬌Ɤ≳䀑옣諿淒擤㳲::.ctor()
    call System.Void System.Windows.Forms.Application::Run(System.Windows.Forms.Form)
    ret <null>

Artefacts
CnC: YovngMandaYNoTu-43886.portmap.ho
Port: YovngMandaYNoTu-43886.portmap.ho
Key (AES_256): -
Mutex: cmdvrt32.dll
PE Layout: MemoryMapped (process dump suspected)
