General

  • Target

    Seroxen.exe

  • Size

    3.2MB

  • MD5

    ecd1d786fb4e8d2fdd9fde6d5ad3f5d3

  • SHA1

    bea4d57cb8cc632b0074bfd1ef3739ee11399df1

  • SHA256

    f5dccd02d415f96bbde7cdcd9afa5376911166e795486e772a3ffa124fe45302

  • SHA512

    123086110b392ab14ca99b91b246266b93b21e0036cde9919649edcd83751cf163688a7795a781c6c3190cc3dcdc272ff7b3b9bc6c617cbac0cbc18908a46f1e

  • SSDEEP

    49152:oei8dGFjxJFp/DGoye3Z4LVoc96cppQI2VlUTHHB72eh2NTf:oeCFjxJTbGor3Z4LVocx+b

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

SKIDS

C2

147.185.221.22:10340

Mutex

9b51d4f5-bfe4-4a06-ba47-dcfbf9fe8529

Attributes
  • encryption_key

    AEAE9E349BB922A243A5FF22FF4A80613533B71B

  • install_name

    Windows Host Process.exe

  • log_directory

    Windows-Logs

  • reconnect_delay

    3000

  • startup_key

    Windows Host Process

  • subdirectory

    Windows

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • Seroxen.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
