General

  • Target

    4568557191778f07e87931a3cb8bb19f.bin

  • Size

    295.2MB

  • MD5

    4568557191778f07e87931a3cb8bb19f

  • SHA1

    2de50b104aaa20166ac4a5ca54ffa2f7a10967ff

  • SHA256

    10749906bc204c15934fdba1c3c5bb113156aadacd47d8609a3e543620f05c9a

  • SHA512

    e29c43a141e5b83bb83bbb2cb86ce7b2b100163e1ec5557522cf4b6c5d2e83066539b4359f0adce282517300d5ce988e7c7f88a03b8d984c303a49033b915d6c

  • SSDEEP

    6291456:iw1tbMVOw5GAdBLYWk8KmMzMr+Z3NaUSCs5rTZ/eLRl5:i8QhooYQKtzMr+ZdG/Y

Malware Config

Extracted

Family

quasar

Attributes

  • reconnect_delay

    3000

Signatures

  • Detect Umbral payload 1 IoCs
  • Njrat family
  • Quasar family
  • Quasar payload 1 IoCs
  • Umbral family
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • HTTP links in PDF interactive object 1 IoCs

    Detects HTTP links in interactive objects within PDF files.

  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

  • NSIS installer 1 IoCs

Files

  • 4568557191778f07e87931a3cb8bb19f.bin
    .zip

    Password: infected

  • vir.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744