General
-
Target
defbae45ea8e71f8a50123f382f4538afc9db836de09bab316464d4793394f19
-
Size
637KB
-
MD5
3ae1b43ae183a646db68834676be741c
-
SHA1
e50bb029949247457a6c9faa31e38f1fb9dfd6ae
-
SHA256
defbae45ea8e71f8a50123f382f4538afc9db836de09bab316464d4793394f19
-
SHA512
eb4f887d7e73f8130ae6d2f7cf27e6921a304b4a94ca50e2e747b7f057dd7d3e882556edf27dd1fdb625d0b74afc7d000702a034f258609ded97cd7940abfe70
Score
10/10
Malware Config
Extracted
Family
quasar
Version
2.1.0.0
Botnet
KRNL
C2
127.0.0.1:4782
quadrad.duckdns.org:1604
Mutex
VNM_MUTEX_w5oFkfEj8KXNrXmElF
Attributes
-
encryption_key
HNAC3wR1K0TyDxzlsLfi
-
install_name
KRNL By IceBerg.exe
-
log_directory
Logs
-
reconnect_delay
100
-
startup_key
KRNL By IceBerg
-
subdirectory
Boostrapper
Signatures
-
Contains code to disable Windows Defender 1 IoCs
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Quasar Payload 1 IoCs
-
Quasar family
Files
-
defbae45ea8e71f8a50123f382f4538afc9db836de09bab316464d4793394f19