General

  • Target

    7c68eaea44f486a4781fc20063c44c266b1cd49754a2edd631e8dc880e8423ed.exe

  • Size

    348KB

  • MD5

    4bc715aebb29709c99306b61e186ff5c

  • SHA1

    b4ee0a1f126325dd73682bc97082f7d7dd8b277b

  • SHA256

    7c68eaea44f486a4781fc20063c44c266b1cd49754a2edd631e8dc880e8423ed

  • SHA512

    f09764c4b8fa1ae33efdd01d2379e949721365cda235ffe931eb853a2db7770ae6325d73313ade5bf894fed1f4a6714adcf8a16a33f88e7f6e76695e7aa7232d

  • SSDEEP

    3072:Vrrt+8Hiefcu00MKpyDcsvKyedlrEDDAlJR3mwQQ2scEThmbnrcBlAbEXKd8OaEt:VvNHXf500M2igtYx9bKKdNanqhMPp9u

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

PROXY

C2

reverseproxy.con-ip.com:4001

Mutex

QSR_MUTEX_l1M93VuqIyiH8hEQ4I

Attributes
  • encryption_key

    kGygUcY52e8ifTReqg0x

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    1

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Detects Windows executables referencing non-Windows User-Agents (1 IoC)
  • Detects executables containing common artifacts observed in infostealers (1 IoC)
  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 7c68eaea44f486a4781fc20063c44c266b1cd49754a2edd631e8dc880e8423ed.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
