General

  • Target

    Sexy.exe

  • Size

    409KB

  • MD5

    4c5faec89139e079202a5208d49ed5a0

  • SHA1

    f26bf551e191af0dd01b5d39ae0c8489d94a877e

  • SHA256

    bbecd1e502693965f493ecb6a611dd86dc71b4bcb8471cf4c459d0b44e9f6378

  • SHA512

    5d31a95a76a2d17967f685b47823682f8301164ee9386f267f2ce28b866429dfb48aa7ef7cb21a7ab8b732286fb99eee989d10e5040ea69a361ba83b0b22ec64

  • SSDEEP

    12288:iBwz9kOUJIOSQoxdKIT00N2f3DPcCYDVouW5:i+JLOsVRi3YCYg

Score
10/10

Malware Config

Extracted

Family

quasar

Version

3.1.5

Botnet

SLAVE

C2

147.185.221.19:33587

Mutex

$Sxr-zpFqsQjJJh3miBvVnu

Attributes
  • encryption_key

    LxGS9iJRjIMm1rV0MEzT

  • install_name

    BiosUpdX64YDPS.exe

  • log_directory

    $sxr

  • reconnect_delay

    3000

  • startup_key

    $sxr-mtsha

  • subdirectory

    Windows

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • Sexy.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
