General

  • Target

    ffbf3107cf8103f738975e913dbaf5acac850e5c498ec7329ef40d566b9502ab

  • Size

    3.1MB

  • MD5

    aad4399dbd35d6aa67335c724fcf91c9

  • SHA1

    7960d76e7074ed8361919138f1aa9c1151d18853

  • SHA256

    ffbf3107cf8103f738975e913dbaf5acac850e5c498ec7329ef40d566b9502ab

  • SHA512

    40cf473d087f29af8f6fa7166dc0498da25dcfed0ba6e6bf25c100e6a43130d1e8103bc417ade9f002a6c8a005c2ff0408a0eefabc875064acf570d8dee7b5e0

  • SSDEEP

    49152:Z+kkbi41X4rCBnhPTBJ5+hQD698qgjeOWWRoG90THHB72eh2NT:Z+JjUCBnhPTBJqQD698f6OWo

Score
10/10

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    Muahaha

  • C2

    37.139.129.145:5512

  • Mutex

    5a092138-836c-4206-9af6-8a540736ef07

Attributes
  • encryption_key

    D21B49539C3EA494897D43CF75CBF5F989F0792A

  • install_name

    ntoskrnl.exe

  • log_directory

    SystemLogs

  • reconnect_delay

    3000

  • startup_key

    Kernel

  • subdirectory

    Kernel

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • ffbf3107cf8103f738975e913dbaf5acac850e5c498ec7329ef40d566b9502ab
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744
