Try VMRay Platform
Malicious
Classifications

Backdoor Spyware Keylogger

Threat Names

QuasarRAT xRAT Mal/Generic-S QuasarRAT.v1

Dynamic Analysis Report

Created on 2024-05-20T23:07:37+00:00

Sghgftd.exe

Windows Exe (x86-32)
...

Remarks (1/1)

(0x02000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

Filters:
File Name Category Type Verdict Actions
C:\Users\RDhJ0CNFevzX\Desktop\Sghgftd.exe Sample File Binary
Malicious
...
»
Also Known As C:\Users\RDhJ0CNFevzX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sghgftd.exe (Accessed File)
MIME Type application/vnd.microsoft.portable-executable
File Size 246.00 KB
MD5 7a414a0203557d6985035ed07a9c87d2 Copy to Clipboard
SHA1 698b4ee59982ce8f7a0a1ce728919d1e8ba24232 Copy to Clipboard
SHA256 1928b93e3d7d30a0e8c2f6ef17b6333f79a3ee628ede60c41b1885f74e7f3303 Copy to Clipboard
SSDeep 384:cJrnR3yXmco3AFqZoQhTxHNuqjR/Kr+kx/1lo9s5O6INx9y0MGP/IJdEgbmB+l9m:SKynsnbDFOx9y0hLpKP3D+EWr Copy to Clipboard
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744 Copy to Clipboard
File Reputation Information
»
Verdict
Malicious
Names Mal/Generic-S
PE Information
»
Image Base 0x00400000
Entry Point 0x004051A2
Size Of Code 0x00003200
Size Of Initialized Data 0x0003A400
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2022-12-25 20:59 (UTC+1)
Version Information (7)
»
FileDescription Sghgftd
FileVersion 0.0.0.0
InternalName Sghgftd.exe
LegalCopyright
OriginalFilename Sghgftd.exe
ProductVersion 0.0.0.0
Assembly Version 0.0.0.0
Sections (3)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00402000 0x000031A8 0x00003200 0x00000200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 5.47
.rsrc 0x00406000 0x0003A1A8 0x0003A200 0x00003400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.42
.reloc 0x00442000 0x0000000C 0x00000200 0x0003D600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.08
Imports (1)
»
mscoree.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain - 0x00402000 0x00005178 0x00003378 0x00000000
Memory Dumps (60)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
sghgftd.exe 1 0x00FF0000 0x01033FFF Relevant Image False 32-bit - False
...
buffer 1 0x00B7E000 0x00B7FFFF First Network Behavior False 32-bit - False
...
buffer 1 0x00189000 0x0018FFFF First Network Behavior False 32-bit - False
...
sghgftd.exe 1 0x00FF0000 0x01033FFF First Network Behavior False 32-bit - False
...
buffer 1 0x04CF0000 0x04D2AFFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x01380000 0x01381FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x056F0000 0x056F0FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x05700000 0x05700FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x05710000 0x05710FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x05700000 0x05700FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x05720000 0x05720FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x05730000 0x05730FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x05720000 0x05720FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x05740000 0x05740FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x056F0000 0x056F0FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x05750000 0x05750FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x05740000 0x05740FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x056F0000 0x056F0FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
sghgftd.exe 1 0x00FF0000 0x01033FFF Final Dump False 32-bit - False
...
buffer 1 0x05770000 0x05770FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x05750000 0x05750FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x05740000 0x05740FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x056F0000 0x056F0FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x05780000 0x05780FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x05770000 0x05770FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x05750000 0x05750FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x05740000 0x05740FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x056F0000 0x056F0FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 7 0x00400000 0x0045DFFF Content Changed False 32-bit - False
...
sghgftd.exe 7 0x004B0000 0x004F3FFF Relevant Image False 32-bit - False
...
sghgftd.exe 1 0x00FF0000 0x01033FFF Process Termination False 32-bit - False
...
buffer 7 0x04D2D000 0x04D2FFFF First Network Behavior False 32-bit - False
...
buffer 7 0x0489C000 0x0489FFFF First Network Behavior False 32-bit - False
...
buffer 7 0x0445E000 0x0445FFFF First Network Behavior False 32-bit - False
...
buffer 7 0x00189000 0x0018FFFF First Network Behavior False 32-bit - False
...
buffer 7 0x00400000 0x0045DFFF First Network Behavior False 32-bit - False
...
sghgftd.exe 7 0x004B0000 0x004F3FFF First Network Behavior False 32-bit - False
...
sghgftd.exe 9 0x00030000 0x00073FFF Relevant Image False 32-bit - False
...
buffer 9 0x05150000 0x0518AFFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 9 0x047F0000 0x047F1FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 9 0x04990000 0x04990FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 9 0x049B0000 0x049B0FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 9 0x04B50000 0x04B50FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 9 0x04B60000 0x04B60FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 9 0x04B70000 0x04B70FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 9 0x05290000 0x05290FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 9 0x052A0000 0x052A0FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 9 0x052C0000 0x052C0FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 9 0x052D0000 0x052D0FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 10 0x00400000 0x0045DFFF Content Changed False 32-bit - False
...
sghgftd.exe 10 0x00550000 0x00593FFF Relevant Image False 32-bit - False
...
sghgftd.exe 9 0x00030000 0x00073FFF Process Termination False 32-bit - False
...
buffer 10 0x04CFE000 0x04CFFFFF First Network Behavior False 32-bit - False
...
buffer 10 0x0487C000 0x0487FFFF First Network Behavior False 32-bit - False
...
buffer 10 0x0235E000 0x0235FFFF First Network Behavior False 32-bit - False
...
buffer 10 0x00188000 0x0018FFFF First Network Behavior False 32-bit - False
...
buffer 10 0x00400000 0x0045DFFF First Network Behavior False 32-bit - False
...
sghgftd.exe 10 0x00550000 0x00593FFF First Network Behavior False 32-bit - False
...
buffer 10 0x00400000 0x0045DFFF Final Dump False 32-bit - False
...
sghgftd.exe 10 0x00550000 0x00593FFF Final Dump False 32-bit - False
...
C:\Users\RDhJ0CNFevzX\AppData\Roaming\Logs888\05-21-2024 Dropped File Stream
Clean
...
»
MIME Type application/octet-stream
File Size 224 Bytes
MD5 5d31df28ec12bd47eb679eb9d149b2af Copy to Clipboard
SHA1 be237cb12b2ed9e16814426726a25104ba73bef9 Copy to Clipboard
SHA256 d0e8663de0dd6a99118a7b57f6580675644b2f240ebee1fc3c0cd011a326f338 Copy to Clipboard
SSDeep 6:p3G8IEnxN3lRcuOCcCZ7i3Bb0Ui0JO+IYR2OeV1SIp1TBl:RRB3Pntw3Bb0+JR+/Sml Copy to Clipboard
ImpHash -
C:\Users\RDhJ0CNFevzX\AppData\Roaming\Logs888\05-21-2024 Dropped File Stream
Clean
...
»
MIME Type application/octet-stream
File Size 224 Bytes
MD5 9d9d214ad34765178048e9da0e5e69cb Copy to Clipboard
SHA1 1fb5f18cdb96d7a562e070787c8792b0f20d12d1 Copy to Clipboard
SHA256 a5eb35709d94539a8d3d3ccb58b1e4b330aa9d523464ade7aea820cf28dcbbfd Copy to Clipboard
SSDeep 6:UsJwK7thuMbKJkHN1BTGH18YVBLK5gGKmhm:UsJtxFbcktLg18YVk99I Copy to Clipboard
ImpHash -
VMRay - Analyzer - www.vmray.com
Legal Note - Privacy Policy
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    

     Exit-Icon
    

    

     

      WHOIS Domain Information
     

     

      

       
        Domain Name
       
       
       
      

      

       
        WHOIS Response
       
       
        

       		
      

     

    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image