General

  • Target: 3a9e31e398e0f96a8c0e7a8d99a2dc36da74056be0882d97ba2cad813190b09d
  • Size: 3.1MB
  • MD5: 7c286bfc44121880fd6f519cef8dbb76
  • SHA1: f63c551d27e7dcaa8391efb6efc8e3edbb5405de
  • SHA256: 3a9e31e398e0f96a8c0e7a8d99a2dc36da74056be0882d97ba2cad813190b09d
  • SHA512: 9c7ff4e205b75d6e342a26e1d35db0fcc5e1dd86ad61726606a4f8f3fceb749a175d4c93f12157182e26c798dc9faacb3787c79b61d90698d3589b049d2a8b55
  • SSDEEP: 49152:GvXI22SsaNYfdPBldt698dBcjHU6DkE2Hsk/+FgoGdn+fTHHB72eh2NT:GvY22SsaNYfdPBldt6+dBcjHU6DJeu

Score
10/10

Malware Config

Extracted

  • Family: quasar
  • Version: 1.4.1
  • Botnet: Sys32
  • C2: 180.195.205.155:4782
  • Mutex: cb2c21d0-caea-4e5b-aec0-8169b705d768

Attributes

  • encryption_key: 9A4F139DB2DACE4C19ACED3CE2C37A9E9F5329AA
  • install_name: Sys32.exe
  • log_directory: Logs
  • reconnect_delay: 3000
  • startup_key: Quasar Client Startup
  • subdirectory: SubDir

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC): checks for missing Authenticode signature.

Files

  • 3a9e31e398e0f96a8c0e7a8d99a2dc36da74056be0882d97ba2cad813190b09d (.exe, windows:4, windows, x86)

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744
