QuasarRAT.v2,xRAT | e4b15f8ce5b8

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\$77-Venom.exe

Sample File

Binary

Also Known As	C:\Windows\SysWOW64\SubDir\$77System32.exe (Accessed File) C:\Windows\syswow64\SubDir\$77System32.exe (Dropped File, Accessed File)
MIME Type	application/vnd.microsoft.portable-executable
File Size	534.50 KB
MD5	70bf98277855b77ff93fd4e1d3f057b6
SHA1	7a996af7a839ae34d6b07d9b4bf176f9f4476764
SHA256	e4b15f8ce5b80e4f7d805ecfd73311eb133b5c138d074e806a48b81584292f65
SSDeep	6144:M8fGrBIgrx8kFYLTiMkbT+K6krvFJWIbxli/d+WOFtSAoSYMVg9QGy3V8/GV0ji8:uPx7FYPiMO3JJA/dxOFtSYPVg9Vv
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

Verdict

Malicious

PE Information

Version Information (11)

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x00084C34	0x00084E00	0x00000200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.45
.rsrc	0x00488000	0x00000800	0x00000800	0x00085000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	4.85
.reloc	0x0048A000	0x0000000C	0x00000200	0x00085800	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x00402000	0x00086BFC	0x00084DFC	0x00000000

Memory Dumps (8)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
$77-venom.exe	1	0x00260000	0x002EBFFF	Relevant Image	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
buffer	1	0x04CFE000	0x04CFFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x048BC000	0x048BFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x043DD000	0x043DFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00189000	0x0018FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
$77-venom.exe	1	0x00260000	0x002EBFFF	First Network Behavior	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
$77-venom.exe	1	0x00260000	0x002EBFFF	Final Dump	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
$77system32.exe	7	0x00940000	0x009CBFFF	Relevant Image	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump

YARA Matches (2)

Rule Name	Rule Description	Classification	Score	Actions
xRAT_1	xRAT malware	Backdoor	5/5	... Actions Show Ruleset Show Match
QuasarRAT	QuasarRAT	Backdoor	5/5	... Actions Show Ruleset Show Match

C:\Users\RDhJ0CNFevzX\AppData\Roaming\Logs\05-23-2024

Dropped File

Empty