General

  • Target

    NEAS.c99d3a7be344d1c675b3ecaa5a1c3640.exe

  • Size

    3.1MB

  • MD5

    c99d3a7be344d1c675b3ecaa5a1c3640

  • SHA1

    9c816ceb1b471a7b211ceae3d636d5a6b3ea0347

  • SHA256

    058c7f18b24e23798a96ee1e47ee88a44df0d7f0ab2f6170b1b5c8bafa6dd2e3

  • SHA512

    aaaad515602a65a9ebdbf407c37c1368733a297472d27b37eba1ff8638960714099d6e51c6197febbf8e4813c50625d5b017f3a75f642c670c7955fdbdd9cf32

  • SSDEEP

    49152:GvHI22SsaNYfdPBldt698dBcjHyMGk19h8vJpLoGdiTHHB72eh2NT:Gvo22SsaNYfdPBldt6+dBcjHBhc

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Dulli01

C2

178.254.32.61:4782

Mutex

b18e70cd-5fa5-4f74-be26-fab3eb57c0da

Attributes
  • encryption_key

    84CA06498F6AF399317A7041BCDA32BCEEF6A046

  • install_name

    updater.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    TeamsUpdate.exe

  • subdirectory

    ChromeUpdateAgent
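
The extracted configuration above is also a hunting list: the C2 endpoint, the mutex, the Run-key value name (`startup_key`) and the install subdirectory plus file name are all observable on an infected host. The script below is an added example, not part of this sandbox report or of the Quasar project; it turns those values into checks and runs them over constructed `key=value` telemetry lines (process, network, registry and mutex events). The event format and the event lines are invented for illustration, and the install base directory (`%APPDATA%`) is an assumption: the report lists only the subdirectory `ChromeUpdateAgent` and the file name `updater.exe`, so the check matches on that path tail rather than on a full path.

```python
"""Hunt for the Quasar 1.4.1 sample's IoCs in host telemetry.

Added example, not code from the sandbox report. IoC values are copied from
the extracted config; the telemetry format and SAMPLE_EVENTS are constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Values taken verbatim from the extracted configuration and file hashes.
CONFIG = {
    "c2_host": "178.254.32.61",
    "c2_port": 4782,
    "mutex": "b18e70cd-5fa5-4f74-be26-fab3eb57c0da",
    "install_name": "updater.exe",
    "startup_key": "TeamsUpdate.exe",          # Run-key value name
    "subdirectory": "ChromeUpdateAgent",
    "sha256": "058c7f18b24e23798a96ee1e47ee88a44df0d7f0ab2f6170b1b5c8bafa6dd2e3",
}

# The report gives only subdirectory and file name; the base directory
# (assumed %APPDATA%) is not in the config, so match on the path tail.
INSTALL_TAIL = (CONFIG["subdirectory"] + "\\" + CONFIG["install_name"]).lower()
RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run$", re.I)
_KV = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Hit:
    line_no: int
    indicator: str
    detail: str


def parse_event(line: str) -> dict[str, str]:
    """Parse a constructed 'key=value key=value' line (values contain no spaces)."""
    return dict(_KV.findall(line))


def match_event(line_no: int, line: str) -> list[Hit]:
    """Return every config-derived indicator that matches one telemetry line."""
    ev = parse_event(line)
    hits: list[Hit] = []
    kind = ev.get("type")
    if kind == "netconn":
        # Exact C2 host and port from the config.
        if ev.get("dst") == CONFIG["c2_host"] and ev.get("dport") == str(CONFIG["c2_port"]):
            hits.append(Hit(line_no, "c2", f"{ev['dst']}:{ev['dport']}"))
    elif kind == "process":
        image = ev.get("image", "").lower()
        if image.endswith("\\" + INSTALL_TAIL):
            hits.append(Hit(line_no, "install_path", ev["image"]))
        if ev.get("sha256", "").lower() == CONFIG["sha256"]:
            hits.append(Hit(line_no, "sample_hash", ev["sha256"]))
    elif kind == "registry":
        # Quasar persists as a value named startup_key under the Run key.
        if RUN_KEY_RE.search(ev.get("path", "")) and \
                ev.get("value", "").lower() == CONFIG["startup_key"].lower():
            hits.append(Hit(line_no, "startup_key", ev["value"]))
    elif kind == "mutex":
        # Compare only the object name, ignoring the \Sessions\...\BaseNamedObjects prefix.
        name = ev.get("name", "").rsplit("\\", 1)[-1].lower()
        if name == CONFIG["mutex"]:
            hits.append(Hit(line_no, "mutex", ev["name"]))
    return hits


def scan(lines: list[str]) -> list[Hit]:
    """Run match_event over a sequence of telemetry lines, 1-indexed."""
    hits: list[Hit] = []
    for n, line in enumerate(lines, 1):
        hits.extend(match_event(n, line))
    return hits


# Constructed telemetry: lines 2, 4, 5 and 6 carry IoCs, the rest are benign.
SAMPLE_EVENTS = [
    r"type=process image=C:\Windows\System32\svchost.exe sha256=0000000000000000",
    r"type=process image=C:\Users\bob\AppData\Roaming\ChromeUpdateAgent\updater.exe "
    r"sha256=058c7f18b24e23798a96ee1e47ee88a44df0d7f0ab2f6170b1b5c8bafa6dd2e3",
    r"type=netconn dst=1.1.1.1 dport=443",
    r"type=netconn dst=178.254.32.61 dport=4782",
    r"type=registry path=HKCU\Software\Microsoft\Windows\CurrentVersion\Run value=TeamsUpdate.exe",
    r"type=mutex name=\Sessions\1\BaseNamedObjects\b18e70cd-5fa5-4f74-be26-fab3eb57c0da",
    r"type=registry path=HKCU\Software\Microsoft\Windows\CurrentVersion\Run value=OneDrive",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"line {hit.line_no}: {hit.indicator} -> {hit.detail}")
```

The mutex and Run-key value name are the strongest of these indicators because they come straight from the operator's build configuration and do not change when the binary is rebuilt with a different packer; the C2 address and port can be rotated, and the sample hash identifies only this build.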

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • NEAS.c99d3a7be344d1c675b3ecaa5a1c3640.exe
    .exe windows:4 windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744
