General

  • Target

    4c600d6cfd08ecc5afef504a07b8dcffd042d613a7fe654cd0e15f3883ca5df3_JC.exe

  • Size

    515KB

  • MD5

    6805294fce504580dee9aefc460f30a0

  • SHA1

    1cb167f9c4ab5d6cf19bc3a91d8fa7f636498ea1

  • SHA256

    4c600d6cfd08ecc5afef504a07b8dcffd042d613a7fe654cd0e15f3883ca5df3

  • SHA512

    9f383a5c8c4b6425cdef40503f9e725d69d6db88bc3795970ed20ed12b25264e6539cb5b0c3203bb14a493b71c66e3631fc47b4db3b2f70588ddfcd6d5f6758d

  • SSDEEP

    6144:XTEgdc0Y2ebGbXOsA6j1Rdh58mIE2yURgIhYMvSCBwcEzGb8F9JwuhIRLDcTR3Q5:XTEgdfY8A6BAgjHfjBAs8cdQ5

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

HELODUIY

C2

14.225.254.32:9090

Mutex

cab9f97a-7cbe-4da1-99bc-3bc9e844ecbc

Attributes
  • encryption_key

    677BA3CA93A14ED21921E76CDFAADEF9D4E79629

  • install_name

    System.Security.Cryptography.Algorithms.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Realtek

  • subdirectory

    SubDir
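
The configuration values above are enough to hunt for this build on endpoints and in network telemetry. The script below is an added example, not part of the sandbox report: it folds the extracted configuration into indicators (the C2 host and port taken together, the `SubDir\System.Security.Cryptography.Algorithms.exe` drop path, the mutex, and a Run value named `Realtek`) and checks them against a few constructed Sysmon-style log lines. The log lines are constructed for the demonstration, and the persistence details (a `CurrentVersion\Run` value named after `startup_key`, a drop directory under `%APPDATA%`) are assumptions of the example; the report states only the configuration values themselves.

```python
"""Hunt for the Quasar configuration extracted above in endpoint telemetry.

Added example; not part of the sandbox report. The indicator values are taken
from the extracted configuration. The log lines are constructed (Sysmon-style
key=value text) and the persistence details (a Run value named after
startup_key, a drop directory under %APPDATA%) are assumptions, not facts
stated in the report.
"""
import re
from dataclasses import dataclass

# Values copied from the extracted configuration above.
QUASAR_CONFIG = {
    "c2": "14.225.254.32:9090",
    "mutex": "cab9f97a-7cbe-4da1-99bc-3bc9e844ecbc",
    "install_name": "System.Security.Cryptography.Algorithms.exe",
    "subdirectory": "SubDir",
    "startup_key": "Realtek",
}

# Constructed sample telemetry (Sysmon event IDs 3 = network, 13 = registry set).
SAMPLE_LOGS = [
    # Constructed: the implant beaconing to the configured C2 from its drop path
    r'EventID=3 Image=C:\Users\alice\AppData\Roaming\SubDir\System.Security.Cryptography.Algorithms.exe '
    r'DestinationIp=14.225.254.32 DestinationPort=9090',
    # Constructed: Run value written with the configured startup_key, pointing at the drop path
    r'EventID=13 TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Realtek '
    r'Details="C:\Users\alice\AppData\Roaming\SubDir\System.Security.Cryptography.Algorithms.exe"',
    # Constructed benign traffic: same port, unrelated host; must not match
    r'EventID=3 Image=C:\Program Files\Monitor\agent.exe DestinationIp=10.0.0.5 DestinationPort=9090',
    # Constructed benign lookalike: a Run value also called Realtek, but for a different binary
    r'EventID=13 TargetObject=HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Realtek '
    r'Details="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe"',
    # Constructed sandbox-style line: the configured mutex being created
    r'CreateMutexW lpName=cab9f97a-7cbe-4da1-99bc-3bc9e844ecbc',
]


@dataclass
class Hit:
    indicator: str    # which configuration value matched
    confidence: str   # "high" or "low"
    line: str         # the telemetry line that matched


def indicators(cfg):
    """Turn the raw configuration into the values a hunt actually searches for."""
    host, port = cfg["c2"].rsplit(":", 1)
    return {
        "c2_ip": host,
        "c2_port": port,
        "mutex": cfg["mutex"],
        # The client is dropped as <subdirectory>\<install_name>; the parent
        # folder is not in the report, so match on the tail of the path only.
        "install_path": f"{cfg['subdirectory']}\\{cfg['install_name']}",
        # Assumption: startup_key becomes the name of a CurrentVersion\Run value.
        "run_value": cfg["startup_key"],
    }


def scan(lines, cfg):
    """Return a Hit for every configuration indicator found in the lines."""
    ind = indicators(cfg)
    port_re = re.compile(rf"(?i)destinationport[=: ]+{re.escape(ind['c2_port'])}\b")
    run_re = re.compile(r"(?i)\\currentversion\\run\\" + re.escape(ind["run_value"]) + r"\b")
    hits = []
    for line in lines:
        low = line.lower()
        # C2: require host and port together; port 9090 alone is far too common.
        if ind["c2_ip"] in line and port_re.search(line):
            hits.append(Hit("c2", "high", line))
        install_seen = ind["install_path"].lower() in low
        if install_seen:
            hits.append(Hit("install_path", "high", line))
        if ind["mutex"].lower() in low:
            hits.append(Hit("mutex", "high", line))
        # Run value: the name alone is weak (it is chosen to look like a vendor
        # entry), so only rate it high when the value points at the drop path.
        if run_re.search(line):
            hits.append(Hit("run_value", "high" if install_seen else "low", line))
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOGS, QUASAR_CONFIG):
        print(f"[{h.confidence:4}] {h.indicator:13} {h.line[:90]}")
```

Matching the C2 on host and port together, and rating the Run value low unless it points at the drop path, is what keeps the unrelated port-9090 connection and the look-alike `Realtek` entry from becoming false positives; the mutex and the full drop path are specific enough to stand on their own.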

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 4c600d6cfd08ecc5afef504a07b8dcffd042d613a7fe654cd0e15f3883ca5df3_JC.exe
    .exe windows:4 windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744
