General

  • Target: acfbcffe5730ef33a9497e56f399bac48fd85646f4320caa3cdc9445472cbff0
  • Size: 3.1MB
  • MD5: bdc4cc77867d6c9022188f54dc88550d
  • SHA1: d4dd82001d72ec2b5dc776b9b4854143154f52ba
  • SHA256: acfbcffe5730ef33a9497e56f399bac48fd85646f4320caa3cdc9445472cbff0
  • SHA512: a84b9a3a8be0b1cc74b3bcff198910d92f72026ebbce68b85986dc778ce3256e9e0302348c50b3f29ec17c050401e0ce8fe992de156c17ce0ce064ef8441d2f0
  • SSDEEP: 49152:WviI22SsaNYfdPBldt698dBcjHJXRJ69bR3LoGdsJTHHB72eh2NT:Wvv22SsaNYfdPBldt6+dBcjHJXRJ6Pc

Score
10/10

Malware Config

Extracted

  Family: quasar
  Version: 1.4.1
  Botnet: GalaxySwapperV2
  C2: REEDIX:1001
  Mutex: 13b8ad05-725e-4fa1-97fd-38cb32e09b8e

Attributes

  • encryption_key: C6447A0A547E719805FA319596442046A61E4D1C
  • install_name: GalaxySwapperV2.exe
  • log_directory: Logs
  • reconnect_delay: 3000
  • startup_key: Quasar Client Startup
  • subdirectory: GalaxySwapperV2

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • acfbcffe5730ef33a9497e56f399bac48fd85646f4320caa3cdc9445472cbff0
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
