General

  • Target

    baritone.exe

  • Size

    502KB

  • MD5

    bf1f011e9664823aeb1c386eeb9e5c90

  • SHA1

    3a15112a330446b895811549a857d0d92763cf1a

  • SHA256

    412693c6a8fa7142d55bdca7f0473ba66582155399b49f7eacee55f4d78dfd7a

  • SHA512

    584dfe97edefc6c8f8d96a3589fbf84701846a16f6c71625772c3a56763bb51303c476c808f9e68c55899f5e61ee2a98f7805f54703b62838b8cc9b65715bb44

  • SSDEEP

    6144:NTEgdc0YxXAGbgiIN2RSBDuZnqUBlh/eKTFwQHocEAAb8F98IHsyzMcTR3u:NTEgdfYtbgvuIA5FwQj+HyzMcdu

Score

10/10

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

infectado

C2

elpepemanca.ddns.net:3440

192.168.0.14:3440

Mutex

2d163b2b-eaf2-4077-9c9f-de0b77680d93

Attributes
  • encryption_key

    82A217D42F0FCA4A09032979DC25A2A7FD7E9698

  • install_name

    explorer.exe

  • log_directory

    crash_report

  • reconnect_delay

    3000

  • startup_key

    explorer.exe

  • subdirectory

    windows

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • baritone.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
