General

  • Target

    5b092b9eae4e57fab721a1e5b5a7cb92afe81fd1cc24d371cfa44c9cb0bb88fa

  • Size

    593KB

  • MD5

    c43fe8c5ca00ddf821a56b2b6ccc8584

  • SHA1

    dc0424cf138ae4cd0d6c52d684fb1df3bd5af6f1

  • SHA256

    5b092b9eae4e57fab721a1e5b5a7cb92afe81fd1cc24d371cfa44c9cb0bb88fa

  • SHA512

    e29ebd1b452c1dae15ebb7b30f8955be74dec4d07c5a0f48dcf190f638a9bba79ca8fc02c9ad413c10af6081621576d3ebd1b4ffda2c9afb1b61a00cc064af86

Malware Config

Extracted

Family

quasar

Mutex

Attributes
  • encryption_key

  • install_name

  • log_directory

  • reconnect_delay

    3000

  • startup_key

  • subdirectory

Signatures

  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable that disables Windows Defender capabilities such as real-time monitoring and block-at-first-seen.

  • Mercurialgrabber family
  • Quasar Payload 1 IoCs
  • Quasar family
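The two checks a responder usually wants from a report like this are (a) confirming that the file on disk is the sample the report describes, by recomputing the hashes in the General section, and (b) reproducing the "disable Windows Defender" signature on a local copy. The script below is an added example, not part of the sandbox output and not the sandbox's own detection logic. The hash values are those listed above; the indicator strings (Set-MpPreference parameters and Defender policy value names such as DisableRealtimeMonitoring and DisableBlockAtFirstSeen) are assumptions based on what the signature description says the binary does, not strings the report itself lists. Because .NET string literals are stored as UTF-16LE in the assembly's #US heap, the scanner checks both ASCII and UTF-16LE encodings; an ASCII-only grep would miss most of them. The sample bytes are constructed inline so the script runs offline.

```python
import hashlib

# Hashes copied from the General section of the report above.
REPORT_HASHES = {
    "md5": "c43fe8c5ca00ddf821a56b2b6ccc8584",
    "sha1": "dc0424cf138ae4cd0d6c52d684fb1df3bd5af6f1",
    "sha256": "5b092b9eae4e57fab721a1e5b5a7cb92afe81fd1cc24d371cfa44c9cb0bb88fa",
    "sha512": "e29ebd1b452c1dae15ebb7b30f8955be74dec4d07c5a0f48dcf190f638a9bba7"
              "9ca8fc02c9ad413c10af6081621576d3ebd1b4ffda2c9afb1b61a00cc064af86",
}

# Assumed indicators (not listed on the report page): Set-MpPreference
# switches and Defender policy value names that a Defender-tampering
# binary typically carries.
DEFENDER_TAMPER_INDICATORS = [
    "Set-MpPreference",
    "DisableRealtimeMonitoring",
    "DisableBlockAtFirstSeen",
    "DisableIOAVProtection",
    "DisableBehaviorMonitoring",
    "SubmitSamplesConsent",
    "SpyNetReporting",
]


def file_hashes(data: bytes) -> dict:
    """Compute the same four digests the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, expected: dict) -> bool:
    """True only if every digest in `expected` matches the data."""
    actual = file_hashes(data)
    return all(actual[name] == digest.lower()
               for name, digest in expected.items())


def scan_defender_tamper(data: bytes) -> dict:
    """Return {indicator: [encodings found]} for each indicator present.

    Both ASCII and UTF-16LE are checked: .NET user strings live in the
    #US heap as UTF-16LE, so an ASCII-only search misses them.
    """
    hits = {}
    for indicator in DEFENDER_TAMPER_INDICATORS:
        found = []
        if indicator.encode("ascii") in data:
            found.append("ascii")
        if indicator.encode("utf-16-le") in data:
            found.append("utf-16le")
        if found:
            hits[indicator] = found
    return hits


# Constructed sample (not the real binary): a fake MZ stub, one tamper
# command stored the way a .NET assembly would store it (UTF-16LE), and
# one policy value name stored as plain ASCII.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + "Set-MpPreference -DisableRealtimeMonitoring $true".encode("utf-16-le")
    + b"\x00" * 8
    + b"DisableBlockAtFirstSeen"
)


def analyze(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Bundle both checks so a caller gets one verdict dict."""
    return {
        "hashes_match_report": matches_report(data, expected),
        "defender_tamper": scan_defender_tamper(data),
    }


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for k, v in analyze(data).items():
        print(f"{k}: {v}")
```

Run it with the path to the downloaded sample as the first argument; without one it analyzes the constructed bytes, which by design do not match the report's hashes. Treat a hash mismatch as "wrong file", not as a sign the report is stale: sandbox hashes are computed over the exact bytes submitted.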

Files

  • 5b092b9eae4e57fab721a1e5b5a7cb92afe81fd1cc24d371cfa44c9cb0bb88fa
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744

    Code Sign

    Headers

    Imports

    Sections