General

  • Target

    Loader.exe

  • Size

    3.1MB

  • MD5

    71fce84b3e3af2af448930f5e6c57dfe

  • SHA1

    d504cf7d4f37454fc11ab56f304def9a24119c81

  • SHA256

    6c7fd107dce2880c6841677b15f95c1fd2a3ccac9f5be007107075f606f54b34

  • SHA512

    b9751cccd92393262c58a91e13fa062b0c38a666cffb19bdfe1f95630041479872851841d7423a977853af3f643cee25331fa10c95c71835aac6b36b09fcf2a5

  • SSDEEP

    49152:5HobtR1o2PmNXo7WCr5nO9DvKvrYdgTHHB72eh2NT:5HmRvmNXo7WCr5O9Di

Score
10/10

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    IrisLoader

  • C2

    147.185.221.18:42996

    147.185.221.18:1770

  • Mutex

    9ddbf7fe-160a-423f-af8b-9cc2c3be4fa1

Attributes

  • encryption_key

    9E968F05BD874BA1BE086FD1774A027473823F49

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • Loader.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

