General

  • Target

    9C78846071126D7F29A8B82B699903031D7D2CD837DF9.exe

  • Size

    1.5MB

  • MD5

    58a250aeb22f0040185210402d4243b3

  • SHA1

    cb74b3dba0e3ef8073f03810a0232da641b8a587

  • SHA256

    9c78846071126d7f29a8b82b699903031d7d2cd837df91584fd1ee7eb7b8c93b

  • SHA512

    72aea6fd61661826dad7de76d7e998de0f91cf9992282cb16dcf11ca8a32c64b249839f9680b6a0a95b848c2f57fb4b1d5d80f300007656edd8ad95c7afe4980

  • SSDEEP

    24576:73Az+jwa8Jnkqbr5yT073RmbaLpYEywZiPiM9jzoCaYN:73AzoiLBBBO0pnyZPhgCaY

Score
10/10

Malware Config

Extracted

Family

quasar

Mutex

Attributes
  • encryption_key

  • install_name

  • log_directory

  • reconnect_delay

    3000

  • startup_key

  • subdirectory

Signatures

  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Quasar Payload 1 IoCs
  • Quasar family
  • RedLine Payload 1 IoCs
  • Redline family

Files

  • 9C78846071126D7F29A8B82B699903031D7D2CD837DF9.exe
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744