General

  • Target

    Nova Ware V3.exe

  • Size

    3.5MB

  • MD5

    39c054ed99984f358d16479827aeff7b

  • SHA1

    c80bd31a8f7c7cebb5903536fbcb072cefe37f00

  • SHA256

    a657bffaae594dd6b251b21f0457877e2bf0b76c2fab32d8c49d95629a03cd72

  • SHA512

    5c6dcfa0244e3bd2ea3c51bf8ad094395e16f747d57246bf0ce6601c9b20d77841f7e3c3d7440771c44725aff4691187d219d8265dd7c4d0dd94da3d632c830f

  • SSDEEP

    98304:bvU22SsaNYfdPBldt6+dBcjH9pCaIqRqM+y+N32/rDc:T57j+aPoB2j

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

NovaWare

C2

thssdxf6y74-54495.portmap.host:54495

Mutex

b5404b50-f626-49b9-8b08-b7ac4b28d57b

Attributes
  • encryption_key

    CFE12BEE480308179907A97B8F57771DDA407795

  • install_name

    NovaWare.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Java Updater

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • Nova Ware V3.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

