General

  • Target

    61f96bed11f1f4369640c1e8d527d410_NEAS

  • Size

    492KB

  • MD5

    61f96bed11f1f4369640c1e8d527d410

  • SHA1

    7a7b601bad06d344a0e1cb52b336203ed9b6709f

  • SHA256

    b737af7a4960cb85736182b61bd53eaf5f19d5f0387cbb83f65ad20f946d517a

  • SHA512

    114c362e6d7e5fd89d1d48b68586845d395e58fe5dd159296a6f9353d853c16878312cd89d723eaf30f49c83dc28d31882b3c6aca082a18e5a4b0a289f3c6617

  • SSDEEP

    12288:8AxKUfp0M5AstNgeiDU8CZpDofHNw/pBf:8MHp0M6cg3DU8C7DWNGV

Score
10/10

Malware Config

Extracted

Family

quasar

Attributes
  • reconnect_delay

    5000

Signatures

  • Contains code to disable Windows Defender (1 IoC)

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 61f96bed11f1f4369640c1e8d527d410_NEAS
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

