General

  • Target

    F486525A68BB238B6BF1CB38ABDC4B6D.exe

  • Size

    3.1MB

  • MD5

    f486525a68bb238b6bf1cb38abdc4b6d

  • SHA1

    6d8fb002cd762815e7f2c5bd8894bb3ebaf1803a

  • SHA256

    3309f416d4a2e161d05575e4e37b1575d3da3a935bca942f08af5ee1a2d3ed5e

  • SHA512

    25cfd7b6dfa6a41d7fe0f9cc1a2884bcb20327df23ff1df2f1fec2b6493746f0e7e6db28f186d40a37a7f0dc97de507191b8b5d15cccbcc38b069b0e75613da9

  • SSDEEP

    49152:mvAt62XlaSFNWPjljiFa2RoUYIsJRJ60bR3LoGdI5aTHHB72eh2NT:mvs62XlaSFNWPjljiFXRoUYIsJRJ6+

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

LH用户

C2

222.211.73.134:5766

Mutex

9038eedc-27cc-4d33-89ee-58d63663290c

Attributes

  • encryption_key

    7ACC9A3244425C97D532F4AEAF9D3C292992E14D

  • install_name

    svchost.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Svchost

  • subdirectory

    DismLHYH

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • F486525A68BB238B6BF1CB38ABDC4B6D.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
