General

  • Target: c51d5d9f26091b859c64a0da81fd56382af4edf3137b4683763105f9b8d56cea
  • Size: 7.6MB
  • MD5: c228f16074d1919a6bf30642a6e6541e
  • SHA1: 9857bac629403dad58ec15bb426bf5e6f5a006d7
  • SHA256: c51d5d9f26091b859c64a0da81fd56382af4edf3137b4683763105f9b8d56cea
  • SHA512: 4f6bfa528305a754a11f9671641edab9f5136e71ae9fe3620948b8771ab70230ef233c4278116b86dafa1b6cf9fe46f525a4bc46e679db95f5307c6211e0f383
  • SSDEEP: 49152:FZtYpRqQM9Gdyd1hSparhzALoMwxrh/jjn5VlAOfTHHB72eh2NT:F7YpRXM9Uyd1hS45ALqxrxjT

Score
10/10

Malware Config

Extracted

  • Family: quasar
  • Version: 1.4.1
  • Botnet: Ember
  • C2: Federal113-29694.portmap.host:29694
  • Mutex: 饿克i贝色G6.XKRa3-豆!CZ✪2$AlI✪S#ㄱk耻Lrqw克aTA克QWå贝P豆维u✪A5m埃f.维aUKP(syRi8>V.YB?贝

Attributes

  • encryption_key: 0F344851C1D4104A0E09DA384633F01B901B2D40
  • install_name: $embr-client.exe
  • log_directory: Logs
  • reconnect_delay: 3000
  • startup_key: $embr-Ember
  • subdirectory: $embr-Ember

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC): checks for a missing Authenticode signature.

Files

  • c51d5d9f26091b859c64a0da81fd56382af4edf3137b4683763105f9b8d56cea
    .exe windows:4 windows x86 arch:x86
    f34d5f2d4577ed6d9ceec516c1f5a744