General
-
Target
_-Venom.exe
-
Size
534KB
-
MD5
56b18f02883a486cbb4c826028ecfe11
-
SHA1
3e9a496bc38f73910cbd3d5576ec22d9b804a8dd
-
SHA256
815b2bf1ddadfb46a27001e08246e8f82f629eb793963bef856d17e1ef9c4085
-
SHA512
b507414c3d429d0d38dfffe2a5a3ec174012087790dd6c9ce86d16c402e68cc15788a1ec7c6baa8a3fc6f71c8a5695ef155288abc216660f9d5c54df5a75ad35
Score
10/10
Malware Config
Extracted
Family
quasar
Version
2.1.0.0
Botnet
HOST _S
C2
44334333-31579.portmap.io:31579
Mutex
VNM_MUTEX_yC484ajmODj5OJv3Dx
Attributes
-
encryption_key
psSc86jtY2yoNlEhs1Dp
-
install_name
svchost.exe
-
log_directory
liblogsconfig
-
reconnect_delay
3000
-
startup_key
Java Update jdk
-
subdirectory
svchost
Signatures
-
Contains code to disable Windows Defender 1 IoCs
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Quasar Payload 1 IoCs
-
Quasar family
Files
-
_-Venom.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Code Sign
Headers
Imports
Sections