Overview

overview

10

Static

static

10

a53a585de9...87.exe

windows7-x64

10

a53a585de9...87.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    a53a585de940ceb15a7b30f6d6157b0e9722d7b81cea4a2dadb1f0c7410fae87.exe

  • Size

    916KB

  • MD5

    fb57053d7202dbaca1e71a649047597f

  • SHA1

    b5c39ce77aa7c9a0f5f044eb887fb4baec3ce0db

  • SHA256

    a53a585de940ceb15a7b30f6d6157b0e9722d7b81cea4a2dadb1f0c7410fae87

  • SHA512

    fe4f64695c0121180b2a0829f82cee6de42170d17b34125f1ac0741580e58c1c282ea1bc5d1a0c8a3ae597f3e2dc014c8980416a2bfdcf30db98df984cf1ab43

  • SSDEEP

    24576:tmkdueXjq0OQKc2YSEegpQRDLusJLK1lkyoLP:IkdueXjq0OQKc2YSEegpshk1lk

Score
10/10
backupquasar

Malware Config

Extracted

Family

quasar

Version

2.8.0.1

Botnet

backup

C2

45.40.96.164:5552

Mutex

4zqoNUTZKMvnLHkoUD

Attributes
  • encryption_key

    S2EJJjFXQqrAnFg7XBWE

  • install_name

    Registry.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Hotels Client Startup

Signatures

  • Detects Windows exceutables bypassing UAC using CMSTP utility, command line and INF 1 IoCs
  • Detects Windows executables referencing non-Windows User-Agents 1 IoCs
  • Detects executables containing URLs to raw contents of a Github gist 1 IoCs
  • Detects executables embedding command execution via IExecuteCommand COM object 1 IoCs
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features 1 IoCs
  • Detects file containing reversed ASEP Autorun registry keys 1 IoCs
  • Quasar family
    quasar
  • Quasar payload 1 IoCs
  • detects Windows exceutables potentially bypassing UAC using eventvwr.exe 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • a53a585de940ceb15a7b30f6d6157b0e9722d7b81cea4a2dadb1f0c7410fae87.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections