General

  • Target

    TSPEXE.exe

  • Size

    3.1MB

  • MD5

    daaf45f04534814d78d6bd26d87be867

  • SHA1

    c30e081c889ff9ce6ce8d79b8aa447f76856b635

  • SHA256

    c347888d05cd8a8bc71ae4c3de199fba970fab0e3689f985529224cceafaa767

  • SHA512

    02ef80f1efcaf9e651ea3bc2f0ffa0ac065aad9e934e03f87103fd67a323fee23e7a6872ab48569c5dc02d43e7b6223dcdf76665d7edefbc00c1e42471ed3736

  • SSDEEP

    49152:3vlz92YpaQI6oPZlhP3Reybewo2GR06ybR34oGdWTHHB72eh2NT:3vt92YpaQI6oPZlhP3Yybewo2GR067

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

DiscordSlave

C2

72.195.133.104:4782

72.195.133.104:83

72.195.133.104:443

72.195.133.104:53

72.195.133.104:110

Mutex

cccde3a0-8750-4fe5-8f89-81af5dba8bf8

Attributes
  • encryption_key

    97D3282EDC7DC8AA18F2A370AF50398268F540BA

  • install_name

    MicrosoftWeb2View.exe

  • log_directory

    Hmm

  • reconnect_delay

    100

  • startup_key

    MicroSoftViewer

  • subdirectory

    Windows

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • TSPEXE.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744