General

  • Target

    Client-built.exe

  • Size

    3.3MB

  • MD5

    d5228d8272c425d9aa1af3a1ab93d9fd

  • SHA1

    f88b9a56ed8377a277a8a6b7b09d01779824fae8

  • SHA256

    f1512bfeff65f189db2ba206fe9b51764b67e60526c3d1c0482feff63a4fa95b

  • SHA512

    d92d45cc8ac140e7581d743a365e2a943a983e83195f5e363ebf72ab7ba98a772099103bdb2909728cd65e4262d5505e55e795b1a00bdfb9c8d9df9c852e8741

  • SSDEEP

    49152:0v8go2QSaNpzyPllgamb0CZof/JZXxNESEuk/iWLoGdqITHHB72eh2NT:0vNo2QSaNpzyPllgamYCZof/JBxdY6

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

FajnyGosc

C2

none-vocals.gl.at.ply.gg:47745

none-vocals.gl.at.ply.gg:2137

147.185.221.17:2137

147.185.221.17:47745

Mutex

a43b504c-d3c0-453a-96d2-1e0097cafb65

Attributes
  • encryption_key

    AD8872181A3CA4A71BFAE37CA853D97218D094EE

  • install_name

    NewCheats.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Miicrosoft Security

  • subdirectory

    Miicrosoft Security

Signatures

  • Quasar family
  • Quasar payload (1 IoCs)
  • Unsigned PE (1 IoCs)

    Checks for missing Authenticode signature.

Files

  • Client-built.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

