General

  • Target

    Client-built.exe

  • Size

    3.1MB

  • MD5

    96ce3568a30aa5cff3bfab3584598c27

  • SHA1

    cb991a58a0b051d58875c2f5c31bac72bafabd44

  • SHA256

    c88083a474e5b7e6ce0fc6a69d40bb0e970d9a4c87f876f2d25dd96c5bc9e43a

  • SHA512

    2952b9e3295959f85c185939033b9db8bf718f6b61e39a43fd4c73465668d7e8ac7d58d8203a8ad40cb8a3bc8be7768b9dde9f7e80cb8fe7fe46d2bb26662529

  • SSDEEP

    49152:+vHY52fyaSZOrPWluWBuGG5g5h9SvMKhZvJECoGdcTHHB72eh2NT:+v452fyaSZOrPWluWBDG5g5hmhH

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Ratted

C2

2111:4782

Mutex

e10c6aee-d1da-439a-b42c-cdd801ad8571

Attributes
  • encryption_key

    3F5B4808528A107542B316F35627537887A253A5

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Loggerv2

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • Client-built.exe
    .exe windows:4 windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744

