quasar | MMLo7-Rat-main[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

MMLo7-Rat-main.zip
Size

6.9MB
MD5

b50c981ad01db7b21b7b760b6153a3d8
SHA1

a47220b1ebd770f34e45887be042ae0ea52c8199
SHA256

664df7eb94315e69939e7b16fa546710d3bdfccb8d1fd0b6eff067165c5764fd
SHA512

a9a2f73328cc366c57a7d8b8c5a9ae6798af0cf6908a8e410ab0406c86eeec0e3688aa851ae07a02d7d0ce62a606fab840018968994019a363f3e825db134cf9
SSDEEP

196608:Qc0eI5yaSU6GH2Th2T3/BXbRDV60HqLG0:h0VyNUHKo35LRhiF

Score

10^/10

quasar

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
5000

Signatures

Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
static1/unpack001/MMLo7-Rat-main/client.bin	family_quasar
static1/unpack001/MMLo7-Rat-main/turingmachine.exe	family_quasar

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MMLo7-Rat-main/ComponentFactory.Krypton.Toolkit.dll
unpack001/MMLo7-Rat-main/Krypton.Toolkit.dll
unpack001/MMLo7-Rat-main/MMLo7 Rat.exe
unpack001/MMLo7-Rat-main/Mono.Cecil.dll
unpack001/MMLo7-Rat-main/Mono.Nat.dll
unpack001/MMLo7-Rat-main/Vestris.ResourceLib.dll
unpack001/MMLo7-Rat-main/client.bin
unpack001/MMLo7-Rat-main/turingmachine.exe

Files

MMLo7-Rat-main.zip
.zip

Password: 12777
MMLo7-Rat-main/ComponentFactory.Krypton.Toolkit.dll
.dll windows x86

Password: 12777

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MMLo7-Rat-main/ComponentFactory.Krypton.Toolkit.pdb
MMLo7-Rat-main/Krypton.Toolkit.dll
.dll windows x86

Password: 12777

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MMLo7-Rat-main/Krypton.Toolkit.xml
.xml
MMLo7-Rat-main/MMLo7 Rat.exe
.exe windows x86

Password: 12777

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MMLo7-Rat-main/MMLo7 Rat.exe.config
.xml
MMLo7-Rat-main/Mono.Cecil.dll
.dll windows x86

Password: 12777

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 275KB - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MMLo7-Rat-main/Mono.Nat.dll
.dll windows x86

Password: 12777

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MMLo7-Rat-main/Profiles/Default.xml
MMLo7-Rat-main/README.md
MMLo7-Rat-main/Vestris.ResourceLib.dll
.dll windows x86

Password: 12777

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MMLo7-Rat-main/client.bin
.exe windows x86

Password: 12777

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MMLo7-Rat-main/settings.xml
MMLo7-Rat-main/turingmachine.exe
.exe windows x86

Password: 12777

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MMLo7-Rat-main/turingmachine.exe.config
.xml

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: 12777

Password: 12777

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rsrc Size: 99KB - Virtual size: 98KB

.reloc Size: 512B - Virtual size: 12B

Password: 12777

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 4.3MB - Virtual size: 4.3MB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 512B - Virtual size: 12B

Password: 12777

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rsrc Size: 108KB - Virtual size: 108KB

.reloc Size: 512B - Virtual size: 12B

Password: 12777

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 275KB - Virtual size: 275KB

.rsrc Size: 1024B - Virtual size: 824B

.reloc Size: 512B - Virtual size: 12B

Password: 12777

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 37KB - Virtual size: 37KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: 12777

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 74KB - Virtual size: 73KB

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 512B - Virtual size: 12B

Password: 12777

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

.text
Size: 2.7MB - Virtual size: 2.7MB

.rsrc
Size: 99KB - Virtual size: 98KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 4.3MB - Virtual size: 4.3MB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 2.7MB - Virtual size: 2.7MB

.rsrc
Size: 108KB - Virtual size: 108KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 275KB - Virtual size: 275KB

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 37KB - Virtual size: 37KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 74KB - Virtual size: 73KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 282KB - Virtual size: 282KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 282KB - Virtual size: 282KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B