General

  • Target

    624b5682f917d426ce2a4d1ec03fb5ef

  • Size

    1.0MB

  • MD5

    624b5682f917d426ce2a4d1ec03fb5ef

  • SHA1

    379757ca4ab81f1c224ab9440a4c828286513808

  • SHA256

    57f21a762965de14502e74ded173e8e81e569fa7236819c3d4ce7804fa119d50

  • SHA512

    eef5274e53a85b0bf6c37e858b3b7dd880b12ef9a3ba31b20951f448e9ef76da921818634957a862316ef111f16bbc91bb71bf00a2872c48f31e4b32de4cd6de

  • SSDEEP

    24576:YkY5kMJDyGouUqg75HVDBvdKjAgYudelJ6Avr29:V4kMJDyGouUqg75HVDBvdgrdelcm

Score
10/10

Malware Config

Extracted

  • Family

    quasar

  • Version

    2.7.0.0

  • Botnet

    123

  • C2

    2.tcp.ngrok.io:16021
    2.tcp.ngrok.io:14032

  • Mutex

    ACq4BPNVEhlXf66pqs

Attributes
  • encryption_key

    54GiDZOdbh066qkohQsM

  • install_name

    123.exe

  • log_directory

    Logs

  • reconnect_delay

    1000

  • startup_key

    Venom Client Startup

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 624b5682f917d426ce2a4d1ec03fb5ef
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744