General

  • Target

    546db3fcd7e65363457a2fb3d10ac617.bin

  • Size

    165KB

  • MD5

    546db3fcd7e65363457a2fb3d10ac617

  • SHA1

    7b086f07a02eed0c5706b0e9b6824505a0414120

  • SHA256

    be89472c81e89ff3fe48fb7ad18489e2f6db45abfe118f6eb4eeb6f01977fcdd

  • SHA512

    aec2989caf11c45702060325f90a2ff246393088d2d008ce95697b8a7e876e60968c46f08006a4bde9cb6b4191c3c59227b1e24704dc93f934d0d0678a55418f

  • SSDEEP

    3072:MkP4EDV8Ijf4Rbq0xsa/+cM7UYrJuvfa2fGTEiLmvqOpQaQLGmPvucqPf1S+Ow:4EDVJ4xya/XMwYr4vjfwAv7pQaeXPWc+

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

crypto new 2

C2

youtubevideos.duckdns.org:60

Mutex

QSR_MUTEX_UW2Q1R9Nhq2Wep6ciM

Attributes
  • encryption_key

    XlkPQVgFSxZI2YKrxURt

  • install_name

    host.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    host

  • subdirectory

    System32

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 546db3fcd7e65363457a2fb3d10ac617.bin
    .rar
  • host.exe
    .exe windows:4 windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744
