QuasarRAT,xRAT | d0c4045c70a0

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\Windows 2024.exe

Sample File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	409.00 KB
MD5	cf570b21f42f0ce411b7c9961068931e
SHA1	f92aa688a1dbd64a4585ecfe80a9c2d7f408c57d
SHA256	d0c4045c70a0822806a4e56d7883821cd2c19362f1cfed3bcbdb1e1b8eb15234
SSDeep	12288:jpyJcC+PgUUboV2hShYoyTyrIh9eqh6bIK+Pz9:9wd+Y2IweyA9eqkMZ
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

Verdict	Malicious
Names	Mal/Generic-S

PE Information

Version Information (11)

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x000654D4	0x00065600	0x00000200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.54
.rsrc	0x00468000	0x00000864	0x00000A00	0x00065800	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.1
.reloc	0x0046A000	0x0000000C	0x00000200	0x00066200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x00402000	0x000674A4	0x000656A4	0x00000000

Memory Dumps (7)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
windows 2024.exe	1	0x00C10000	0x00C7BFFF	Relevant Image	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
buffer	1	0x04D9E000	0x04D9FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x0107C000	0x0107FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00B9E000	0x00B9FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00188000	0x0018FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00D095F0	0x00D097F7	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
windows 2024.exe	1	0x00C10000	0x00C7BFFF	First Network Behavior	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump

YARA Matches (2)

Rule Name	Rule Description	Classification	Score	Actions
xRAT_1	xRAT malware	Backdoor	5/5	... Actions Show Ruleset Show Match
QuasarRAT	QuasarRAT	Backdoor	5/5	... Actions Show Ruleset Show Match

C:\Users\RDhJ0CNFevzX\AppData\Roaming\$sxr-Logs\05-28-2024

Dropped File

Stream

MIME Type	application/octet-stream
File Size	224 Bytes
MD5	72e56fd089725ae4740db425684df929
SHA1	3ed18b835db0854761ba5d1999f7437ecf4fa0c5
SHA256	4cc41dea69409efd49b673b7eb1ceb6b34054ff1dcb5c3c2ea9be75c750de4a4
SSDeep	6:lGw1P8Y5GPUv5K1FXWHtTAY+ZDdka0ka0IblWX5Hs:N8Y5GPUvsX4BOyXx0I0C
ImpHash	-

C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\install.exe

Dropped File

Empty File