Resubmissions

14/06/2024, 07:31

240614-jcvtfatfqp 10

14/06/2024, 07:26

240614-h92gtateqq 10

General

  • Target

    Client-built.exe

  • Size

    3.1MB

  • MD5

    7f113430d45982dd16a92095a0734593

  • SHA1

    7c054a7e0ded31b23b94f59159b47df5e37135dd

  • SHA256

    bba5ce847c62bb82236b5c5e9469f24d7f8f3d605bfaf4b5c5901b4fad1b84ac

  • SHA512

    c17264d90431123207abd10998c4f8e068a7fcba7ab9763952741c52eccd80791bc48e2a053eec51499d9c2ae8a7f454f9ab74b0970fc219c57dd49a244753a1

  • SSDEEP

    49152:/vblL26AaNeWgPhlmVqvMQ7XSKGH4ooGdtOTHHB72eh2NT:/vBL26AaNeWgPhlmVqkQ7XSKGHT

Score

10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

triage

C2

daongochuy.ddns.net:5899

192.168.1.70:5899

Mutex

f780d9fa-685c-409a-be9a-662a1160ec3e

Attributes
  • encryption_key

    DA58166FE3472BA10368FA5F4736C40EA43CDD81

  • install_name

    winrmt.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Windows Device Manager

  • subdirectory

    WindowsManager

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • Client-built.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744