General

  • Target

    b6d27d9de9c98e06a834b4a5e3fdc8a3_JaffaCakes118

  • Size

    349KB

  • MD5

    b6d27d9de9c98e06a834b4a5e3fdc8a3

  • SHA1

    32e80bb0a35effca77cb6397de418a94437d446d

  • SHA256

    74742ba79b57e06294eb3bfb448a879efa96010e1e9d3b3cdf3a712c5ed124ac

  • SHA512

    b71c11bf1108e5997f350bb097c2acc3eb8dbb568d852b9830d17efa4a140d17b3cb835b489103357cf15abd0b7eeceec36c8249908d13b6bf083dec0e3407e2

  • SSDEEP

    6144:uK2J10qdSlEc39HGX/dcUoOsKNVownkbX+TTbsEAk0G:uKFplKNVo02+TfsEAk0G

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

111111111

C2

139.129.54.18:4782

Mutex

QSR_MUTEX_RhXdelp3vz1zkVSxiU

Attributes
  • encryption_key

    DTgqF0OhA9OI0IK5lKb7

  • install_name

    QQProtect.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    QQProtect

  • subdirectory

    Copyright

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • b6d27d9de9c98e06a834b4a5e3fdc8a3_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

