General

  • Target

    Client.exe

  • Size

    3.1MB

  • Sample

    240414-f37ddaec46

  • MD5

    a7211537f9c9b39f3b2559fc8aab7072

  • SHA1

    e8713eb98dd78867d2e5bcedb0d826c9a4311b68

  • SHA256

    b3a60960f5fa90fb89bddd4638c7451f5eff7767d66052f3725d49f3124e6291

  • SHA512

    3029cef09335da6e9ff28440f8a06bada0c562a6ea4c096e667cadd1f2f22b909002f1aac704d3b4c6329dea1616c5bae7b2407a9b32a433658a55f820a17ce1

  • SSDEEP

    49152:TviI22SsaNYfdPBldt698dBcjH8iRJ65bR3LoGdjTHHB72eh2NT:Tvv22SsaNYfdPBldt6+dBcjH8iRJ67

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Slave

C2

140.238.91.110:34353

Mutex

25ab9d56-6ef2-47d3-99aa-2142fbcd41fa

Attributes

  • encryption_key

    8E710985199C6BF86CCE90DA92448A36E2F45F51

  • install_name

    XWormV5.6.exe

  • log_directory

    WindowsUPDLogs

  • reconnect_delay

    3000

  • startup_key

    Windows BIOS Update Checker

  • subdirectory

    SubDir

Targets

    • Target

      Client.exe

    • Size

      3.1MB

    • MD5

      a7211537f9c9b39f3b2559fc8aab7072

    • SHA1

      e8713eb98dd78867d2e5bcedb0d826c9a4311b68

    • SHA256

      b3a60960f5fa90fb89bddd4638c7451f5eff7767d66052f3725d49f3124e6291

    • SHA512

      3029cef09335da6e9ff28440f8a06bada0c562a6ea4c096e667cadd1f2f22b909002f1aac704d3b4c6329dea1616c5bae7b2407a9b32a433658a55f820a17ce1

    • SSDEEP

      49152:TviI22SsaNYfdPBldt698dBcjH8iRJ65bR3LoGdjTHHB72eh2NT:Tvv22SsaNYfdPBldt6+dBcjH8iRJ67

    Score
    1/10

MITRE ATT&CK Matrix

Tasks