Static task: static1
Behavioral task: behavioral1
Sample: 1c7f91a5e04f5c80a1c9ec36a0b6a78e762359236ac67a5ea57c4083f44339c8.exe
Resource: win7v20210408, windows7_x64
0 signatures
0 seconds
General
Target: 1c7f91a5e04f5c80a1c9ec36a0b6a78e762359236ac67a5ea57c4083f44339c8
Size: 546KB
MD5: 099bce8eba599fd7262af4fe930ab098
SHA1: ccdfce07b8ca10a2b33e670dc09550e0b43d5dcb
SHA256: 1c7f91a5e04f5c80a1c9ec36a0b6a78e762359236ac67a5ea57c4083f44339c8
SHA512: 3b9aa646ba2862bbd1644ed62034dcf4ff3a6d4b9f63ecc95281832dfbc03cd96c4a1894150ea45b4288abd9eae9a7ee2fa01634a3d7232c169d4c7e3681e345
Score: 10/10
Malware Config
Extracted
Family: quasar
Mutex
Attributes
- encryption_key
- install_name
- log_directory
- reconnect_delay: 3000
- startup_key
- subdirectory
Signatures
Contains code to disable Windows Defender (1 IoCs)
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
Processes:
resource: sample, yara_rule: disable_win_def
Quasar Payload (1 IoCs)
Processes:
resource: sample, yara_rule: family_quasar
Quasar family
Files
1c7f91a5e04f5c80a1c9ec36a0b6a78e762359236ac67a5ea57c4083f44339c8.exe windows x86