Overview

overview

10

Static

static

10

DiscordClean.exe

windows7-x64

10

DiscordClean.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    DiscordClean.exe

  • Size

    3.1MB

  • MD5

    e40d9df40a13bba33d406ff3a1780449

  • SHA1

    a43ed65b73a1d3d0c130b62258858d3b35bd8fa9

  • SHA256

    17add376de5c606429260436cc6e1ce9bbf2ba5bb2f3ef4fb503434c0c37eada

  • SHA512

    35e0aa7a1124e66b310d4fd368b50162bba8aa9f0e60784e06bbeee9acdd6d66925b87f7c6f009f9ea9fba38f55032a1332ad0e35de2cb745fdc1ded1153b1cb

  • SSDEEP

    49152:7vHz92YpaQI6oPZlhP3ReybewoqnoNSBar7roGdGTHHB72eh2NT:7vT92YpaQI6oPZlhP3YybewoiiSC

Score
10/10
slavequasar

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Slave

C2

uk2.localto.net:37735

192.168.1.54:443

192.168.1.54:80

82.47.98.176:80

82.47.98.176:443
Mutex

70129915-f2b5-40ef-aa85-96dbc3efa5c9

Attributes
  • encryption_key

    76B28C3E753D8BB017093D2AA2C736559D00B442

  • install_name

    GorillaTag.exe

  • log_directory

    Steam Error Logs

  • reconnect_delay

    3000

  • startup_key

    Steam WebHelper

  • subdirectory

    SubDir

Signatures

  • Quasar family
    quasar
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • DiscordClean.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections