General

  • Target

    87f75a6d940a2eccb60a7b464c91d8a0.bin

  • Size

    1.2MB

  • MD5

    3c2b50fc5e77e373405c161a00745d6b

  • SHA1

    09c533ea12c39aafb7210bc59c9f0db23363d912

  • SHA256

    056325a05c57cb7eaf01943d3cce5f4dd8ee494bb3ed783039b8516c53ffb7a4

  • SHA512

    af4965de568288c95abd6a197dc6c761dcaffe4b73e64e1c22122e612b86a5fc67505f9a25ddb7bf6b00d57990facb2e8a1ea103631d7e7158a7e01acbcf3f24

  • SSDEEP

    24576:O1s0jQadIE4QvqOkGxmY82aSADTh8iMn5+HrlGWhsocUlW6BSus:OmYPIE4QCJGBaSAZ8iA5+LlfioXlN4b

Score
10/10

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    用户

  • C2

    222.211.73.134:5666

  • Mutex

    4808cc92-8861-478a-93c6-5dcdf4b71709

Attributes
  • encryption_key

    7ACC9A3244425C97D532F4AEAF9D3C292992E14D

  • install_name

    svchost.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Svchost

  • subdirectory

    DismYH

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 87f75a6d940a2eccb60a7b464c91d8a0.bin
    .zip

    Password: infected

  • 534de4e71840d12e43eb51ce41a594120695573da71989667c71afa614ad656c.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744
