General

  • Target

    4d3570b47aa54653c383105500047551de5457e05a1d58ed341bfc43c279bcf0exe_JC.exe

  • Size

    3.1MB

  • MD5

    a68021631c71d0a33aaf605de9b2a64a

  • SHA1

    a0dee572bb0dd6b71faafc7b43a2946113a67f6d

  • SHA256

    4d3570b47aa54653c383105500047551de5457e05a1d58ed341bfc43c279bcf0

  • SHA512

    760b0ac5571583da4f2836b70cec41eb9d61850d75f6f404abbfc4afec31c81b8f9071091c4534652dc7270a0e2b916043a9391b9dbc2582f4b2c0d3770c35e4

  • SSDEEP

    49152:HvyI22SsaNYfdPBldt698dBcjHD6FFoGBKlUTHHB72eh2NT:Hvf22SsaNYfdPBldt6+dBcjHD6D

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

ABBA

C2

72.18.130.237:7321

Mutex

679ea829-cf42-4e9c-97a1-58411c2e0617

Attributes
  • encryption_key

    EAB4034DBBDD510051D9D34D60A8DB173C15B207

  • install_name

    Update.exe

  • log_directory

    Task

  • reconnect_delay

    3000

  • startup_key

    MicrosoftUpdate.exe

  • subdirectory

    MicroServer
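
The extracted config above is enough to pivot from the sandbox to the fleet: the C2 socket gives a network indicator, the subdirectory and install_name give the tail of the install path, the startup_key gives the Run-key value name Quasar uses for persistence, and the mutex gives a handle-level artifact. The script below is an added example (not part of this report or of the Quasar project) that turns those fields into indicators and runs them over constructed telemetry. Assumptions: the key=value log shape is invented for the example, the Run key is assumed to be the usual `...\CurrentVersion\Run\<startup_key>` location and is matched by its tail only, and the install path is matched by its `MicroServer\Update.exe` tail because the report does not state the base directory.

```python
import ipaddress
import re
from dataclasses import dataclass

# Values copied from the "Extracted" config above (Quasar 1.4.1, botnet ABBA).
CONFIG = {
    "c2": "72.18.130.237:7321",
    "mutex": "679ea829-cf42-4e9c-97a1-58411c2e0617",
    "install_name": "Update.exe",
    "subdirectory": "MicroServer",
    "startup_key": "MicrosoftUpdate.exe",
}

# Assumption: Quasar persists via a Run-key value named after startup_key. The
# hive (HKCU vs HKLM) depends on privileges, so only the key tail is matched.
RUN_KEY_TAIL = "\\software\\microsoft\\windows\\currentversion\\run\\"


@dataclass(frozen=True)
class Indicators:
    c2_host: str
    c2_port: int
    install_tail: str   # "<subdirectory>\<install_name>", base directory left open
    run_value: str      # Run-key value name
    mutex: str


def build_indicators(cfg: dict) -> Indicators:
    host, port = cfg["c2"].rsplit(":", 1)
    ipaddress.ip_address(host)  # fail loudly if the C2 is not a literal IP
    return Indicators(
        c2_host=host,
        c2_port=int(port),
        install_tail=(cfg["subdirectory"] + "\\" + cfg["install_name"]).lower(),
        run_value=cfg["startup_key"].lower(),
        mutex=cfg["mutex"].lower(),
    )


_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line: str) -> dict:
    """Parse the constructed key=value telemetry format used below."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def match_line(ind: Indicators, line: str) -> list:
    """Return the indicator names one telemetry line hits (empty list if none)."""
    f = {k: v.lower() for k, v in parse_line(line).items()}
    hits = []
    if f.get("dst") == ind.c2_host:
        # Port alone is weak evidence: operators change it between builds, the IP less often.
        hits.append("c2" if f.get("dport") == str(ind.c2_port) else "c2_ip_only")
    for key in ("image", "details"):
        if f.get(key, "").endswith("\\" + ind.install_tail):
            hits.append("install_path")
            break
    if f.get("target", "").endswith(RUN_KEY_TAIL + ind.run_value):
        hits.append("run_key")
    if ind.mutex in line.lower():
        hits.append("mutex")
    return hits


def scan(ind: Indicators, lines: list) -> list:
    """Return (line_number, hits) for every line with at least one hit."""
    out = []
    for n, line in enumerate(lines, 1):
        hits = match_line(ind, line)
        if hits:
            out.append((n, hits))
    return out


# Constructed sample telemetry in a simplified Sysmon-like key=value shape
# (event 1 = process create, 3 = network connect, 13 = registry value set).
SAMPLE_LINES = [
    r'event=1 image="C:\Users\bob\AppData\Roaming\MicroServer\Update.exe" parent="C:\Users\bob\Downloads\setup.exe"',
    r'event=13 target="HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MicrosoftUpdate.exe" details="C:\Users\bob\AppData\Roaming\MicroServer\Update.exe"',
    r'event=3 image="C:\Users\bob\AppData\Roaming\MicroServer\Update.exe" dst=72.18.130.237 dport=7321',
    r'event=3 image="C:\Program Files\Mozilla Firefox\firefox.exe" dst=72.18.130.237 dport=443',
    r'event=1 image="C:\Windows\System32\svchost.exe" parent="C:\Windows\System32\services.exe"',
    r'handle type=Mutant name="\Sessions\1\BaseNamedObjects\679ea829-cf42-4e9c-97a1-58411c2e0617"',
]

if __name__ == "__main__":
    ind = build_indicators(CONFIG)
    for n, hits in scan(ind, SAMPLE_LINES):
        print(f"line {n}: {', '.join(hits)}")
```

The connection from firefox.exe to the same IP on port 443 deliberately scores only `c2_ip_only`: an IP reused across Quasar builds with a different port is worth a look but is not the same confidence as the full socket plus the install path in one event, and a check that only keys on the port would miss it entirely.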

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 4d3570b47aa54653c383105500047551de5457e05a1d58ed341bfc43c279bcf0exe_JC.exe
    .exe windows:4 windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744