General

  • Target

    Client-built.exe

  • Size

    3.4MB

  • MD5

    ad8250eea17d8d7db7c3c23aba289f5c

  • SHA1

    c63d1c6b6e8b7789a777b1ffe55f15bbbfc3cc59

  • SHA256

    f3de21ec995555ab187ce0a254d2b353c1ed3c06030678f898ec56efabbae51f

  • SHA512

    d34b9db43bd08dea4452925c7c1cf4014d03b024a663b5ee938a4f205b3c6c49eccd169cbc687145d54223d07aafcde75ee0807963e705c9c71e130c00086abd

  • SSDEEP

    49152:tei8dGFjxJFp/DGoye3Z4LVXcBzJQI2zoTHHB72eh2NTfbDW:teCFjxJTbGor3Z4LVSeDH

Score
10/10

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    SKIDS

  • C2

    147.185.221.22:10340

  • Mutex

    9b51d4f5-bfe4-4a06-ba47-dcfbf9fe8529

Attributes
  • encryption_key

    AEAE9E349BB922A243A5FF22FF4A80613533B71B

  • install_name

    Windows Host Process.exe

  • log_directory

    Windows-Logs

  • reconnect_delay

    3000

  • startup_key

    Windows Host Process

  • subdirectory

    Windows

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • Client-built.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
