General

  • Target

    B-VALDI.exe

  • Size

    3.1MB

  • MD5

    14d0aa2e3f125fce7f70c0fb984ddc6f

  • SHA1

    164eb0108d32aa009a471242461046a94650971d

  • SHA256

    dd11a2a82c24a8e59a1c9e9a04e492e02369fe331a760ca4bd305ee4aa42362c

  • SHA512

    2d7522077267e839211808e1ca00fe0bdaf34ff389d78241410fd52d8d9b0eeafdaed2b6447f8bdd2ef6e7d2095c32ee44f407e53a99c7d016c6da819f3b65c7

  • SSDEEP

    49152:zvKe821/aQWl8P0lSk3aKA3Z+np62c6XvaMJLodwuTHHB72eh2NT:zvh821/aQWl8P0lSk3DA3Z+nU29XL

Score

10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

DIUK

C2

elpepemanca.ddns.net:34401

locotron4444.duckdns.org:8081

locotron4444.duckdns.org:34401

Mutex

4fd76d99-b13c-409d-8d1e-2809266e631d

Attributes

  • encryption_key

    CE1F4EF37E14F7CB693D9CC8186595D4A4AE5A41

  • install_name

    Windows.exe

  • log_directory

    Logs

  • reconnect_delay

    1

  • startup_key

    explorer.exe

  • subdirectory

    System

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • B-VALDI.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
