General

  • Target

    NEAS.5abb3690139201632ca77d335dc003268eaf58f2fa0736fb187d843e597a2c9b.exe

  • Size

    3.2MB

  • MD5

    1a4a945ed20a34f5fdc62cb27ff15333

  • SHA1

    dedc6d99553606c74fc3ad259b971a5ca1bed538

  • SHA256

    5abb3690139201632ca77d335dc003268eaf58f2fa0736fb187d843e597a2c9b

  • SHA512

    1f812a1fc2f0060da8d3b2a663ddeea67954b5e8424d98eccab81b4e96eb76735da8043dbe591d5e7babda1bf7337111928e7b385bf098b403758b096a01efc2

  • SSDEEP

    49152:9vQlL26AaNeWgPhlmVqvMQ7XSKzGR16vbR3noGdqTHHB72eh2NTL:9v4L26AaNeWgPhlmVqkQ7XSKzGR16JH

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Default

C2

f8terat.ddns.net:4782

Mutex

006867f1-15cb-40f2-a771-8acaa1fef5d7

Attributes
  • encryption_key

    DDB24237F8FF55EA54D16D632803B9768C4C17E0

  • install_name

    defender.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Windows Defender

  • subdirectory

    Windows Defender

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • NEAS.5abb3690139201632ca77d335dc003268eaf58f2fa0736fb187d843e597a2c9b.exe
    .exe windows:4 windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744

