Overview

overview

10

Static

static

10

0x000b0000...60.exe

windows7-x64

10

0x000b0000...60.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0x000b0000000122e5-60.dat

  • Size

    3.1MB

  • MD5

    8164a3361f7bb473d898b796ec12d468

  • SHA1

    71d2afe83bedb25eec78188ddc1385361c3d632f

  • SHA256

    c1ed20f252eaa28ae2e5fc1bc08c60d9f6beccecf5ad1cb2e8278271c7acda59

  • SHA512

    e50bec34cc54dcf4fad041277b53f33c1cad64ea4f9352bd2bc144a4b41514b1c33e32245b3385f15fe14019c11c741f167e884de519ea4b2cb6a78dd598421c

  • SSDEEP

    49152:avct62XlaSFNWPjljiFa2RoUYI2YRJ60bR3LoGdWTHHB72eh2NT:avg62XlaSFNWPjljiFXRoUYI2YRJ6+

Score
10/10
ninjagramquasar

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

ninjagram

C2

nethttp.sytes.net:4782

Mutex

f04d3337-2e5e-4a42-bb35-8f2a600f118f

Attributes
  • encryption_key

    D3749570795A041A5B9B7F71D15CD539096DC336

  • install_name

    boot.exe

  • log_directory

    security

  • reconnect_delay

    1000

  • startup_key

    services

  • subdirectory

    winrn

Signatures

  • Quasar family
    quasar
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 0x000b0000000122e5-60.dat
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections