General

  • Target

    Client-built.exe

  • Size

    3.1MB

  • MD5

    e90e2d09506969719fb647ea22ca836a

  • SHA1

    b1322e3274f2a28264a336611058d36ee2fbdfb4

  • SHA256

    48cda8a530fbeed4e346d5a3b1c887cda2b572a431ae704ff8538da53fc40abb

  • SHA512

    d43c1e31749aac41282459385dee8a77315aa18f9f9262d1d489630085fac4ff5b86da36c1f88b81cea386c81faa35e2ebbe195a3d7ea8ccd2d48f818267ca49

  • SSDEEP

    49152:HvZG42pda6D+/PjlLOlg6yQipVfuaEEakGk/mFhoGdDTHHB72eh2NT:HvI42pda6D+/PjlLOlZyQipVfuaG3

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

rat-1

C2

108.7.192.244:4577

108.7.192.244:4782

192.168.0.75:4782

Mutex

cd296cd0-7f5a-4dbd-b508-3f35b007ca39

Attributes
  • encryption_key

    864B3509DD8F194F0C8DB4FB3D4AA1ED51B68BAD

  • install_name

    builder.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Java Runtime Verification

  • subdirectory

    .minecraft

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.
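The extracted config above is only useful once it is turned into something that can be matched against files and logs. The following Python hunting helper is an added example written for this page, not part of the sandbox output or of the Quasar project: it embeds the reported hashes, C2 endpoints, mutex, startup_key, subdirectory and install_name as indicators, verifies a candidate file against all three hashes at once, and scans log lines for the indicators. It assumes that startup_key is the name Quasar registers its autostart entry under and that install_name lands inside subdirectory; the log lines are constructed for the example and follow no particular product's format. One caveat it encodes: 192.168.0.75:4782 is an RFC 1918 address, so it is reachable only from the operator's own LAN and is excluded from perimeter hunting by default.

```python
"""Hunting helper built from the Quasar config and hashes in this report.
Added example for illustration; not sandbox or Quasar project code."""
import hashlib
import ipaddress
import re

# Indicators copied verbatim from the report above.
SAMPLE_HASHES = {
    "md5": "e90e2d09506969719fb647ea22ca836a",
    "sha1": "b1322e3274f2a28264a336611058d36ee2fbdfb4",
    "sha256": "48cda8a530fbeed4e346d5a3b1c887cda2b572a431ae704ff8538da53fc40abb",
}
C2_ENTRIES = ["108.7.192.244:4577", "108.7.192.244:4782", "192.168.0.75:4782"]
MUTEX = "cd296cd0-7f5a-4dbd-b508-3f35b007ca39"
STARTUP_KEY = "Java Runtime Verification"   # assumed: autostart entry name
INSTALL_NAME = "builder.exe"
SUBDIRECTORY = ".minecraft"                  # assumed: parent dir of INSTALL_NAME


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a file's bytes, keyed like SAMPLE_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_reported_sample(data: bytes) -> bool:
    """True only when every hash matches; a single-algorithm match is not enough."""
    return file_hashes(data) == SAMPLE_HASHES


def parse_c2(entry: str) -> tuple:
    """'host:port' -> (host, port). rsplit keeps IPv6-style hosts intact."""
    host, port = entry.rsplit(":", 1)
    return host, int(port)


def routable_c2(entries) -> list:
    """Drop C2 entries on private / non-global addresses: they cannot be
    reached across the Internet and only produce noise in perimeter logs.
    Hostnames (not parseable as IPs) are kept and resolved at hunt time."""
    keep = []
    for entry in entries:
        host, _ = parse_c2(entry)
        try:
            if ipaddress.ip_address(host).is_global:
                keep.append(entry)
        except ValueError:
            keep.append(entry)
    return keep


def build_patterns(include_private: bool = False) -> dict:
    """Compile one case-insensitive regex per indicator class."""
    entries = C2_ENTRIES if include_private else routable_c2(C2_ENTRIES)
    hosts = sorted({parse_c2(e)[0] for e in entries})
    # Guard the IP on both sides so 108.7.192.244 does not match 108.7.192.2440.
    host_re = "|".join(r"(?<![\d.])" + re.escape(h) + r"(?![\d.])" for h in hosts)
    return {
        "c2_host": re.compile(host_re, re.I),
        "mutex": re.compile(re.escape(MUTEX), re.I),
        "startup_key": re.compile(re.escape(STARTUP_KEY), re.I),
        "install_path": re.compile(
            re.escape(SUBDIRECTORY) + r"[\\/]" + re.escape(INSTALL_NAME), re.I),
    }


def scan_lines(lines, include_private: bool = False) -> list:
    """Return (1-based line number, indicator name) for every hit."""
    patterns = build_patterns(include_private)
    hits = []
    for lineno, line in enumerate(lines, start=1):
        for name, pat in patterns.items():
            if pat.search(line):
                hits.append((lineno, name))
    return hits


# Constructed log lines for the example; not from any real product.
SAMPLE_LOG = [
    "fw: allow src=10.20.30.40 dst=108.7.192.244 dport=4782 proto=tcp",
    "fw: allow src=10.20.30.41 dst=192.168.0.75 dport=4782 proto=tcp",
    "proc: CreateMutex name=cd296cd0-7f5a-4dbd-b508-3f35b007ca39 pid=4120",
    "reg: HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run value=\"Java Runtime Verification\"",
    "proc: start image=C:\\Users\\bob\\AppData\\Roaming\\.minecraft\\builder.exe pid=4120",
    "fw: allow src=10.20.30.42 dst=108.7.192.2 dport=443 proto=tcp",
]

if __name__ == "__main__":
    print("routable C2:", routable_c2(C2_ENTRIES))
    for lineno, name in scan_lines(SAMPLE_LOG):
        print(f"line {lineno}: {name}")
```

Pass include_private=True when hunting inside the same LAN the sample was built on (for example in a lab or the builder operator's own network); the default view is what a perimeter or proxy-log search should use.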

Files

  • Client-built.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
