General

  • Target

    884037306c425626aac2216ad5f31190N.exe

  • Size

    3.1MB

  • MD5

    884037306c425626aac2216ad5f31190

  • SHA1

    1f41e2d531e5f59f718edcd607ba1f0ff8781a1b

  • SHA256

    a60df1f25c47567b3b0d9bb16dc009b30aaa910d58b150126312e9181d556323

  • SHA512

    52ca84d19599db8b8bef2ae1a7b092f45b6ec3d4b87757f94527f71161d0c9504ff36848d768b6ffc61cc22ab4ee9bca8db308e9b862aba710cb3b7932adf67f

  • SSDEEP

    49152:OvBt62XlaSFNWPjljiFa2RoUYITdRJ6ubR3LoGdLikTHHB72eh2NT:Ovr62XlaSFNWPjljiFXRoUYITdRJ6o7

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

loader

C2

98.226.45.190:4782

Mutex

29e6bab7-887c-4692-a855-45d37186c3ff

Attributes
  • encryption_key

    534371B2D807037820BCFDCF69DE6B7E2CFA2732

  • install_name

    loader.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    loader

  • subdirectory

    loader

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 884037306c425626aac2216ad5f31190N.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

