General

  • Target

    f5f3e9b43eec8bff47679ea02aec02edb979051e5fe21cc0f2bf6c919d10c49c

  • Size

    535KB

  • MD5

    3f9a8ee266de6359f15b00036d5f68de

  • SHA1

    a4da83900d535107af9d3002da17304e90f82d98

  • SHA256

    f5f3e9b43eec8bff47679ea02aec02edb979051e5fe21cc0f2bf6c919d10c49c

  • SHA512

    1e701f93913d71486c547b93f7df649a041764d8064075d6e96633126eb91d9f91800ceaf0a7bf2ba2c9709713abe4793cb1c01e15cad4f664c0d64af7396843

Score
10/10

Malware Config

Extracted

Family

quasar

Version

2.1.0.0

Botnet

Target

C2

127.0.0.1:4782

5.61.58.196:4782

Mutex

VNM_MUTEX_crPIzCvcj61Y0AONus

Attributes
  • encryption_key

    ipvN2WXJtCaOW5xaZeEo

  • install_name

    Defender.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    DefenderCheckUpdate

  • subdirectory

    SubDir

Signatures

  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable that disables Windows Defender capabilities such as real-time monitoring, Block at First Sight, etc.

  • Quasar Payload 1 IoCs
  • Quasar family

Files

  • f5f3e9b43eec8bff47679ea02aec02edb979051e5fe21cc0f2bf6c919d10c49c
    .exe windows x86