QuasarRAT.v1,xRAT | 0d4276cbdb9e

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\OqXZRaykm\Desktop\Client.exe

Sample File

Binary

Also Known As	C:\Users\OqXZRaykm\AppData\Roaming\Recycle Binss\Recycle Bins.exe (Accessed File)
MIME Type	application/vnd.microsoft.portable-executable
File Size	348.00 KB
MD5	a8e97ff37b66f87c2e03cc4ade57b482
SHA1	e2d1cbcb27f868bdef039b3f6dbb7d2d41051fca
SHA256	0d4276cbdb9eb4f3cf2524032e9f80bca3d1762404ad2240d35a2c123fe2e71d
SSDeep	6144:HmzNHXf500MOanrn+vDb6R7T8LC6TKkary:gd501rnwil8L3TKkary
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

Verdict	Malicious
Names	Mal/Generic-S

PE Information

Image Base	0x00400000
Entry Point	0x004581EE
Size Of Code	0x00056200
Size Of Initialized Data	0x00000C00
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2024-05-14 11:40 (UTC)

Version Information (11)

Comments	-
CompanyName	-
FileDescription	-
FileVersion	1.3.0.0
InternalName	Client.exe
LegalCopyright	-
LegalTrademarks	-
OriginalFilename	Client.exe
ProductName	-
ProductVersion	1.3.0.0
Assembly Version	1.3.0.0

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x000561F4	0x00056200	0x00000200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.45
.rsrc	0x0045A000	0x00000A00	0x00000A00	0x00056400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	4.24
.reloc	0x0045C000	0x0000000C	0x00000200	0x00056E00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x00402000	0x000581BC	0x000563BC	0x00000000

Memory Dumps (15)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
client.exe	1	0x00010000	0x0006DFFF	Relevant Image	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
buffer	1	0x04EAC000	0x04EAFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x0492C000	0x0492FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x044EE000	0x044EFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x001F9000	0x001FFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
client.exe	1	0x00010000	0x0006DFFF	First Network Behavior	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
client.exe	1	0x00010000	0x0006DFFF	Final Dump	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
client.exe	1	0x00010000	0x0006DFFF	Process Termination	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
recycle bins.exe	7	0x00010000	0x0006DFFF	Relevant Image	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
buffer	7	0x04E9D000	0x04E9FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x04D5C000	0x04D5FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x0482C000	0x0482FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x0433E000	0x0433FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x001F9000	0x001FFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
recycle bins.exe	7	0x00010000	0x0006DFFF	First Network Behavior	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump

YARA Matches (2)

Rule Name	Rule Description	Classification	Score	Actions
xRAT_1	xRAT malware	Backdoor	5/5	... Actions Show Ruleset Show Match
QuasarRAT	QuasarRAT	Backdoor	5/5	... Actions Show Ruleset Show Match

C:\Users\OqXZRaykm\AppData\Roaming\Logs\05-21-2024

Dropped File

Stream

MIME Type	application/octet-stream
File Size	224 Bytes
MD5	a4305a85b47e38ba04d8280e37c3b45b
SHA1	906afab3b7e8d4441af1f8415b2d6bd026500c62
SHA256	4ff09d47ef2abbd0ed53c3e6556ad50648ee3f255ef55e13a54a5fd4a3acfd27
SSDeep	6:BxpANOAwk685mamSqffNQC2QdtYl+ycxzpRZ+:rAwf85PYffCLQdtYH
ImpHash	-

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information