General

  • Target

    288cf51166bb6407c0f13c70a31fefba81ca381bc79dda54af39370ee479d47c

  • Size

    683KB

  • MD5

    497e3b749e37fa682a0cf5f5ec869296

  • SHA1

    b6405eb80e48a075489dae999c3291eff5246112

  • SHA256

    288cf51166bb6407c0f13c70a31fefba81ca381bc79dda54af39370ee479d47c

  • SHA512

    86d137a1d8dd452c94c42293b2d2c05d3a10c017c2f1f6f18b2ca54c75925fcd0745d5e59e9deb9d533aeaf824a1e727513a2bf852d96c68e2c1f252ce84fd93

  • SSDEEP

    12288:WjxIhDXIsMxoCQYcFtBZQt8MillfoCEy1T2GRR:W9+IsMxsZ2iloyjR

Malware Config

Extracted

  • Family

    quasar

  • Version

    2.1.0.0

  • Botnet

    $77systemtelemtry

  • C2

    192.168.0.44:80
    67.61.188.107:80

  • Mutex

    VNM_MUTEX_OplgS6EDrflEgnBXyU

Attributes

  • encryption_key

    tfNbPwosWP6IOHXzQKKG

  • install_name

    windowsrc.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Windows Registry Handler

  • subdirectory

    bin

Signatures

  • Contains code to disable Windows Defender (1 IoC)

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Quasar Payload (1 IoC)
  • Quasar family

Files

  • 288cf51166bb6407c0f13c70a31fefba81ca381bc79dda54af39370ee479d47c
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744
