General

  • Target

    Client-built.exe

  • Size

    3.4MB

  • MD5

    7f685b4f3fe3065347a68e6ffe5f5a05

  • SHA1

    08c976fbbff9fdd03915ffe4a4e2ecb7d53a0664

  • SHA256

    fce6b6db0ba2559a3ea63e88a8c6e586b4081dcfd67a2c3ad134928874ac01d1

  • SHA512

    83e9cae7c0b22183c45aec3dddbca67f985bdf1fea4fe71a531f065d82d13a0c442d81963c9867198845ef957b50b38ac4d34e37cacb7fa1c2f9c836c2ac61d0

  • SSDEEP

    49152:qvuG42pda6D+/PjlLOlg6yQipVO3wGBxevoGdfTHHB72eh2NTFCCVK:qvJ42pda6D+/PjlLOlZyQipV2wZ+CV

Score

10/10

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    lol

  • C2

    care-somewhere.gl.at.ply.gg:38177
    searches-military.gl.at.ply.gg:40496

  • Mutex

    d5886a53-ec83-4626-aef5-bb8de105a691

Attributes
  • encryption_key

    84DBE7346FCC309754363914F6D0E15701AC8428

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Update

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • Client-built.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744