General
-
Target
64afd72d0ce6f7b9a31a844558744670ff4a0c453276db4b81c5942966f349d9
-
Size
3.1MB
-
MD5
d7e21a123677b49f2131a0644c6e73b2
-
SHA1
0fda26bfa4c8da86c8c191da8f6c710edb93f895
-
SHA256
64afd72d0ce6f7b9a31a844558744670ff4a0c453276db4b81c5942966f349d9
-
SHA512
ae2f026eead853b2139c7da8d4e44be25337865db971d9284846bc25bfa5eed81515da62e95227c8737009edc7496f35a8fcdf01aed7ccfdc41b36ae5f82ccac
-
SSDEEP
49152:Svkt62XlaSFNWPjljiFa2RoUYI1bDDoGdRJTHHB72eh2NT:Sv462XlaSFNWPjljiFXRoUYI1bP
Score
10/10
Malware Config
Extracted
Family
quasar
Version
1.4.1
Botnet
ezzz
C2
k-essex.at.ply.gg:22098
Mutex
ea1b5894-0bd3-4eb5-9d80-ecf32d959161
Attributes
-
encryption_key
8F262B645320AD857877AF9028600C551D209B56
-
install_name
ntoskrnl.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
ntoskrnl.exe
-
subdirectory
Microsoft
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
64afd72d0ce6f7b9a31a844558744670ff4a0c453276db4b81c5942966f349d9
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections