General

  • Target

    c430f8a55f610a2e7f4e5d68666dddfa69de6631397e8ba352399f8f45601e76

  • Size

    4.2MB

  • MD5

    54f1fc13b8f06c9a90dac64c72ee1f2d

  • SHA1

    2a071b6e7a721450fa766cd50266d6de4c94a711

  • SHA256

    c430f8a55f610a2e7f4e5d68666dddfa69de6631397e8ba352399f8f45601e76

  • SHA512

    9a83672e9bcf8c954aaa264312d809f7e952e447fc984aa96767dd5df5e2e8fbbef772a0d73d005fd083d06c25f143c649a745043e2c077a3b7e14aa33b17d05

  • SSDEEP

    49152:850eFxDaUoE0a2DNxOHjRA4roW5p0wsXLywhMKwBLStyGwkHHno2ehXNw:85YUMxOHjRA4roWr0dB2

Score
10/10

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    AMDuser

  • C2

    eliminatorhost.servegame.com:4782

    bgxhost.servegame.com:4782

  • Mutex

    a984cc89-bf39-47ce-bf50-048a873b99d8

Attributes
  • encryption_key

    E586381231D01A9129F9797D0A5958ED0E4DC427

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • c430f8a55f610a2e7f4e5d68666dddfa69de6631397e8ba352399f8f45601e76
    .exe windows:4 windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744
