QuasarRAT.v1,xRAT | 601768671271

Classifications

Backdoor

Threat Names

QuasarRAT xRAT Mal/Generic-S QuasarRAT.v1

Dynamic Analysis Report

Created on 2024-05-24T04:31:38+00:00

Client.exe

Windows Exe (x86-32)

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\Client.exe

Sample File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	349.00 KB
MD5	54b8f756beb83bbbb5a1941e9abc5f1c
SHA1	3b27d4d314483e4123a1642c98dfd6e2306392b5
SHA256	601768671271d499533a4360f1272fdb5a86ce4c87649811b80fc463422dff41
SSDeep	6144:4KMJx4pweP7kJS3ieCxMNr3jOyCJIZO6SVkDtOkb102ofRili6d96:4KoSF/TOnJIc6S6DtOkUZiUA96
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

Verdict	Malicious
Names	Mal/Generic-S

PE Information

Image Base	0x00400000
Entry Point	0x79007BF0
Size Of Code	0x00056800
Size Of Initialized Data	0x00000A00
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2018-05-04 16:29 (UTC)

Version Information (7)

FileDescription
FileVersion	1.3.0.0
InternalName	Client.exe
LegalCopyright
OriginalFilename	Client.exe
ProductVersion	1.3.0.0
Assembly Version	1.3.0.0

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x00056724	0x00056800	0x00000200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.43
.rsrc	0x0045A000	0x00000800	0x00000800	0x00056A00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	4.71
.reloc	0x0045C000	0x0000000C	0x00000200	0x00057200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x00402000	0x000586F0	0x000568F0	0x00000000

YARA Matches (2)

Rule Name	Rule Description	Classification	Score	Actions
xRAT_1	xRAT malware	Backdoor	5/5	... Actions Show Ruleset Show Match
QuasarRAT	QuasarRAT	Backdoor	5/5	... Actions Show Ruleset Show Match

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".

Before

After

WHOIS Domain Information

Screenshot

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information