General
Target: fe017545d9438e8491e09152ec9d4ee9faa9aaf64b601f500db2314260204e2f
Size: 535KB
MD5: 8ec725efd4c12cb8c7e44f964a343ab8
SHA1: 8c5bf29556afd3fe1d4dc6424c422903b9d03073
SHA256: fe017545d9438e8491e09152ec9d4ee9faa9aaf64b601f500db2314260204e2f
SHA512: 4c2be251a75c1f274af141ef153efe76a15cd42b631a0041bcbc351a717ca8b0a8f92d7010261ec019185527e0785d777ca1f6d80bba3fbbcf61fc1d6d41357a
Malware Config
Extracted
Family: quasar
Version: 2.1.0.0
Botnet: Hacked
C2: AUTHGG-37696.portmap.host:37696
Mutex: VNM_MUTEX_wX978IqIpFgn6uoBO6
Attributes
encryption_key: 39b1ysbZHxi3Lh3NMkbU
install_name: Host Process for Windows Tasks.exe
log_directory: Microsoft
reconnect_delay: 1000
startup_key: Host Process for Setting Synchronization
subdirectory: MIcrosoft
Signatures
Contains code to disable Windows Defender (1 IoC)
A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, blocking at first seen, etc.
resource yara_rule sample disable_win_def
Quasar Payload (1 IoC)
resource yara_rule sample family_quasar
Quasar family
Files
fe017545d9438e8491e09152ec9d4ee9faa9aaf64b601f500db2314260204e2f.exe (windows, x86)