General

  • Target: 37b810b19d1cd5c18e78d0b2e24a58e79a023ad95350d4fcfef53364ab61cda2
  • Size: 3.2MB
  • MD5: fec3874b32571333cc6bf642a574a403
  • SHA1: dc6d81569b6862bde11a58213d6919ab4d5420bc
  • SHA256: 37b810b19d1cd5c18e78d0b2e24a58e79a023ad95350d4fcfef53364ab61cda2
  • SHA512: 5a1a6d8b08c72b28b068d4618a226199925339ace0f3fd6b50dfee0a31656295acc7b2d2f735de8d9d009246d8975b2d5df863f4adf521f950bafb9185e4ea79
  • SSDEEP: 49152:wvXlL26AaNeWgPhlmVqvMQ7XSK5+Nd+I5o9dPfpTHHB72eh2NT:wvVL26AaNeWgPhlmVqkQ7XSK5+Nd+6Q

Score
10/10

Malware Config

Extracted

  • Family: quasar
  • Version: 1.4.1
  • Botnet: PlutoClient
  • C2:
      77.91.73.70:1488
      allah420.ddns.net:1488
  • Mutex: d334872f-902e-4624-b0c9-54e2d5f7224c

Attributes

  • encryption_key: F3B88DE4D71B41492724C71AC144601B07337E19
  • install_name: NvidiaManager.exe
  • log_directory: NvidiaDATA
  • reconnect_delay: 5000
  • startup_key: Nvidia Manager
  • subdirectory: NvidiaDRV64b

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC): checks for missing Authenticode signature.

Files

  • 37b810b19d1cd5c18e78d0b2e24a58e79a023ad95350d4fcfef53364ab61cda2
    .exe windows:4 windows x86
