Overview

overview

10

Static

static

10

ecbe1cbab7...86.exe

windows7_x64

10

ecbe1cbab7...86.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ecbe1cbab7710a6b7c33166eeeb192b981047c7fa0989fe6e0e403f79cb1dc86

  • Size

    534KB

  • MD5

    45d84deec92077d7fdbd7f56091ed5ef

  • SHA1

    f6be7aa7a72ed5c03cf25312833dc19db1c9eb76

  • SHA256

    ecbe1cbab7710a6b7c33166eeeb192b981047c7fa0989fe6e0e403f79cb1dc86

  • SHA512

    3dc25114f43e73bd6fa8d8a06d41f2eebdfc55adffbfb1e4571f536f82b4677421400986e47883ca5a485aada4b61553a1e8b1b5bbbae1fe667205d3ea8769e8

  • SSDEEP

    6144:m8fGDJngzxsoIasFzFMkbN3yEcC+NvbMmSibwbQDIeopf9MlE1f9xGy3V8/GV0jz:AkxfIayFMWZ+bM7E81pf9MlE1f9o7

Score
10/10
fadedratquasar

Malware Config

Extracted

Family

quasar

Version

2.1.0.0

Botnet

FadedRAT

C2

66.191.218.42:6606

Mutex

VNM_MUTEX_vy60sMeB6q8c2CPqmk

Attributes
  • encryption_key

    tI07nGR3B89O88FLmj05

  • install_name

    zncodec.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    zncodec

  • subdirectory

    rrcodex

Signatures

  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Quasar Payload 1 IoCs
  • Quasar family
    quasar

Files

  • ecbe1cbab7710a6b7c33166eeeb192b981047c7fa0989fe6e0e403f79cb1dc86
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections