General

  • Target

    vir.exe

  • Size

    311.5MB

  • MD5

    eb9490492b00c4f14cf133acf95edfe4

  • SHA1

    1d903edafd1429d1554d5b4298496f96129e388b

  • SHA256

    f0025dabe2f4c075dbe09bc534dbe94939d0ae6d45ee4450ec7943fa36fb09cc

  • SHA512

    175f1da82762237282390a3dc1be3164c81b3416514b2bfd16eb1b51e50a9bbabce809baf5f68dad6720df73d5bbedc736999597063ebb9070396cb910d98b72

  • SSDEEP

    6291456:Y2qVJw+odBeWFv1k4R4b0ewZkhT4ofHwJjvZDQPf2tLSkHldHVeVM:rr+WeSWgfecGT4RjvqP85TAK

Malware Config

Extracted

Family

quasar

Attributes
  • reconnect_delay

    3000

Signatures

  • Detect Umbral payload 1 IoCs
  • Njrat family
  • Quasar family
  • Quasar payload 1 IoCs
  • Umbral family
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • HTTP links in PDF interactive object 1 IoCs

    Detects HTTP links in interactive objects within PDF files.

  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 1 IoCs

Files

  • vir.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

