General

  • Target

    YsterBeta (1).exe

  • Size

    3.1MB

  • MD5

    67ac5cc1e6f46f67a60ce5c60915d6d2

  • SHA1

    293dc38dfac829e1e48aa5140800b8aad8c1eea0

  • SHA256

    0ad0e315dd7377012efdd217452ec0b9d6de9556905f8120bb9f8b81a5be3b64

  • SHA512

    2f6f4fd380535f5995370a553980cbd7b2ad68ed96d1fc86d6a5312fbb451fddcb7d72c8902ba00f16f036f7562ff7fb48d953e589f6946e40d0a88d98f7a1e4

  • SSDEEP

    49152:rvyI22SsaNYfdPBldt698dBcjHUb80bRALoGduETHHB72eh2NT:rvf22SsaNYfdPBldt6+dBcjHUb8r+

Score
10/10

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    1

  • C2

    192.168.1.206:4782

  • Mutex

    3d594109-9b96-448b-a42f-083e0f32532c

Attributes
  • encryption_key

    2356FE514435520CC763B0676425361D32814C71

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • YsterBeta (1).exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
