General

  • Target

    c88caddc2a450135e7f7d36d8b9857628b96f97b67d782025b229034d34f9582.exe

  • Size

    3.1MB

  • MD5

    c4497b459274cec0b9fd6e3ac6c67aaa

  • SHA1

    1c8b8e42b8284b6dc2d2741850a9c01c07a5088f

  • SHA256

    c88caddc2a450135e7f7d36d8b9857628b96f97b67d782025b229034d34f9582

  • SHA512

    bf64fd7a95dedd703a04cf661b35ebaa343dd7b2e907d1de20d16bcb91259b76ba9f80a817d391487eb5c4f549658ba545673b3b3f26cc45e0a16fecfff01c24

  • SSDEEP

    49152:Cvguf2NUaNmwzPWlvdaKM7ZxTwW3xbbRYLoGd7THHB72eh2NT:Cv/f2NUaNmwzPWlvdaB7ZxTwW3xQ

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

50 installs

C2

217.63.234.90:4444

217.63.234.90:1313

127.0.0.1:1313

Mutex

ef23a66e-d8e1-48c7-a533-50e2b78bea4a

Attributes
  • encryption_key

    6B0D9CDFBF22251A89F554E059B7463C8CDE0F0C

  • install_name

    svchost.exe

  • log_directory

    Logs50spread

  • reconnect_delay

    3000

  • startup_key

    svchost.exe

  • subdirectory

    SubDir

Signatures

  • Detects Windows executables referencing non-Windows User-Agents 1 IoCs
  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs
  • Detects executables containing common artifacts observed in infostealers 1 IoCs
  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • c88caddc2a450135e7f7d36d8b9857628b96f97b67d782025b229034d34f9582.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections