General

  • Target

    0a37eef9a7a23635bf0bd60529521d44e60fa454a329a81466a657edb442a08f

  • Size

    348KB

  • MD5

    be1958cb2bbcde1fa0ebbdc73a579fff

  • SHA1

    d91235298ccc73a1712407db6ff7b83225e66c82

  • SHA256

    0a37eef9a7a23635bf0bd60529521d44e60fa454a329a81466a657edb442a08f

  • SHA512

    e70318ed7a80d6f16053a6a0376741774f49889b6cc189ff128f1fa3169c0724d84c649b25086b2420ce4c2222640b9da7974af20074f50054e382bbf639734f

  • SSDEEP

    6144:TLNHXf500MG5pYK+lrRgE4pyfIbJy0tgKbl4+YWkvEU+:Pd50QpYnne5XblF3kT+

Score
10/10

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.3.0.0

  • Botnet

    INFECTED

  • C2

    mpapwpodllalw:4787

  • Mutex

    QSR_MUTEX_ZHiYRTyEwnDVythpPG

Attributes
  • encryption_key

    JJ24c9vhc2iN2AuqTdrZ

  • install_name

    lclsrv.exe

  • log_directory

    Logs

  • reconnect_delay

    1000

  • startup_key

    Microsoft SMB Filter 2.0

  • subdirectory

    Windows

Signatures

  • Quasar Payload 1 IoCs
  • Quasar family

Files

  • 0a37eef9a7a23635bf0bd60529521d44e60fa454a329a81466a657edb442a08f
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744

