General

  • Target: ff6bca1de3cdee94dbab54bead00bb5bdd07a39764354465b9fc1bd10674e779
  • Size: 3.1MB
  • MD5: 0e896c246555f7fde30b3a61c6201374
  • SHA1: 5ebc659d5a4931d01a3b3f817f284fe6a9c99a27
  • SHA256: ff6bca1de3cdee94dbab54bead00bb5bdd07a39764354465b9fc1bd10674e779
  • SHA512: 7419c02c887465e90233252a42ab25bffe3e51c06146d5dd2d001dd2aff166520a94e780b210a469f6a535b8374731f9e1ad6009ea0a3269bcc0f8b5f22ad3db
  • SSDEEP: 49152:uvKI22SsaNYfdPBldt698dBcjHVga7oGoDtTHHB72eh2NT:uvn22SsaNYfdPBldt6+dBcjHVgi

Score
10/10

Malware Config

Extracted

  • Family: quasar
  • Version: 1.4.1
  • Botnet: Client
  • C2: Svmzii-27002.portmap.io:27002
  • Mutex: 839d026d-0fbd-4b20-8ef2-0193e139e9c7

Attributes

  • encryption_key: 3DC981C7212E1AB2060DB562AA50C4F27C33BB7F
  • install_name: Client.exe
  • log_directory: Logs
  • reconnect_delay: 3000
  • startup_key: Quasar Client Startup
  • subdirectory: SubDir

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC): checks for missing Authenticode signature.

Files

  • ff6bca1de3cdee94dbab54bead00bb5bdd07a39764354465b9fc1bd10674e779
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
