General

  • Target

    uni.zip

  • Size

    1.3MB

  • MD5

    9aab0849ef0117f014b49899edd2e082

  • SHA1

    4e33c7a81a7a68cdb426b2b76fc3641c03b68fb4

  • SHA256

    c4f4b783e9b152a00d5cac8b82d2ae0c74fa848aaa4a524dc5cb81b1576aaab5

  • SHA512

    fef8fca946ec4638353730e9a183717c7631c0257899760fbd58b758481ebe6a7020f68c9f8c6eb8c5ab03febc90256fa48afecd230320faa8bac8b7163d595e

  • SSDEEP

    24576:UEzkWPJeBnqQEzkWPJeBnq3EzkWPJeBnqSEzkWPJeBnqJEzkWPJeBnqcEzkWPJex:UEzkWIcQEzkWIc3EzkWIcSEzkWIcJEzQ

Score
10/10

Malware Config

Extracted

  • Family

    quasar

  • Version

    3.1.5

  • Botnet

    SeroXen

  • C2

    panel-slave.gl.at.ply.gg:57059

    panel-slave.gl.at.ply.gg:27892

  • Mutex

    $Sxr-rpL8EItHN3pqIQQVy2

Attributes
  • encryption_key

    Lme7VBS3l58VwLM69PNM

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    SeroXen

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 6 IoCs
  • Unsigned PE 6 IoCs

    Checks for missing Authenticode signature.

Files

  • uni.zip
    .zip
  • uni/Uni - Copy (2).exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

  • uni/Uni - Copy (3).exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

  • uni/Uni - Copy (4).exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

  • uni/Uni - Copy (5).exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

  • uni/Uni - Copy (6).exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

  • uni/Uni - Copy.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744