Behavioral task
behavioral1
Sample
1914a2c8d1589d346dec86208bbbee37.exe
Resource
win7v20210410
windows7_x64
0 signatures
0 seconds
General
Target: 1914a2c8d1589d346dec86208bbbee37.exe
Size: 502KB
MD5: 1914a2c8d1589d346dec86208bbbee37
SHA1: c9f854cb866fc0dfa54ad4438fb1e3479a9a384e
SHA256: a725bb8800499239e18eb3973b4c4371214e8da4efb12108ac42957a3819572b
SHA512: fb7c411b9aa69deb8ac2660846a555e3bc2481dea13b858f1aa214a67160f02eb205dd08e84c6867c06deddca00ca562c938e2f667e05faac67adfcd9385799c
Malware Config
Extracted
Family: quasar
Version: 1.4.0
Botnet: test1
C2: 166.62.33.218:6624
Mutex: b2e23ea3-acf2-4226-ae2a-ae57e85e6e82
Attributes:
  encryption_key: C8BFD012DB4B42D492F03E53D34F6E70BFC0E813
  install_name: Client.exe
  log_directory: Logs
  reconnect_delay: 3000
  startup_key: Quasar Client Startup
  subdirectory: SubDir
Signatures
Quasar Payload (1 IoCs)
Processes:
resource: sample
yara_rule: family_quasar
Quasar family
Files
1914a2c8d1589d346dec86208bbbee37.exe.exe windows x86