General

  • Target

    4c5517f7d4f0e77f98f8c3f033ac0269_JaffaCakes118

  • Size

    255KB

  • MD5

    4c5517f7d4f0e77f98f8c3f033ac0269

  • SHA1

    fc4c6890bb5cb90d4492995b0f18d9cea022a9a2

  • SHA256

    98428fa8e72274d66f364f230fd1800f6c79f9a82b302e796234cf93e889eb87

  • SHA512

    aea401db7f8f533f079702aaa5c2013ba94d18cd839267ebf00c079d36689711a6f10ada957d6d876b8906c778811f41b71ca8ce52f06a156ba0f2ad966b5403

  • SSDEEP

    6144:GunF3/mw+NhZ7cJfqG0K+UvhvEnbEsxM0i:GEJiG0KXsxM0i

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

INFECT

C2

159.203.16.166:8383

aylmao1337.tk:8383

Mutex

QSR_MUTEX_dgkusG8Joof1DH7joH

Attributes

  • encryption_key

    fyU8ilcpYcOXqkxlxJir

  • install_name

    SysInterrupts32.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    System interrupts

  • subdirectory

    Microsoft

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 4c5517f7d4f0e77f98f8c3f033ac0269_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744