General

  • Target

    NEAS.901551f43436ee34d1776a82759e8e0ebb0ef629412699a806c75b9e938c21f6exe_JC.exe

  • Size

    3.1MB

  • MD5

    8ce7767eac028e5ebb49abf2d5cda701

  • SHA1

    e7d58f89ba1b43b1658e56ea547e76fdcadc5e7f

  • SHA256

    901551f43436ee34d1776a82759e8e0ebb0ef629412699a806c75b9e938c21f6

  • SHA512

    4e025eb73b6cdb0cd325744f65dd774b26c336d10705532e423f0a472acdbdcd01d2c0083bde16feab1c7ceb7082c2f8991d8de75209ac0e0ce4fe0d74aa60e0

  • SSDEEP

    49152:KvIt62XlaSFNWPjljiFa2RoUYIhd1SLoGdUhTHHB72eh2NT:KvE62XlaSFNWPjljiFXRoUYIhd1c

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Stryzon

C2

163.5.215.216:4788

Mutex

bcc28082-d6a5-4822-a666-ae7591874610

Attributes
  • encryption_key

    3A40D6B91D59D02A5A9A9C51CE2621E896F45286

  • install_name

    update.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    update

  • subdirectory

    Temp

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • NEAS.901551f43436ee34d1776a82759e8e0ebb0ef629412699a806c75b9e938c21f6exe_JC.exe
    .exe windows:4 windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744

