General

  • Target

    Client-built.exe

  • Size

    3.3MB

  • MD5

    7ab6f43a992374ea2bc02b6870f92726

  • SHA1

    52277ea3799bc72c661a82d079184898239301db

  • SHA256

    659f42a823f37790b2cbdbfc19d0755a3471bfcb0097cdf48e2f891df62f4819

  • SHA512

    e9e98280a618966b3585c684d113ceee90a57e46ce02c64ab64c2a242f51e024c3c5f4f0313587afb9baf02960f6d6ebd939726dbab26680a4d8a6fcfc420a5e

  • SSDEEP

    49152:yei8dGFjxJFp/DGoye3Z4LVu0jvqCtQI2VEeTHHB72eh2NTf:yeCFjxJTbGor3Z4LVu0fKw/

Score

10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

SKIDS

C2

147.185.221.22:6712

Mutex

1051d457-43fe-4be3-87a0-52f2e36a87aa

Attributes
  • encryption_key

    F387A0FF28E4F7F4D7B4E353EB2E71F75D3FB5C0

  • install_name

    Windows Host Process.exe

  • log_directory

    Windows-Logs

  • reconnect_delay

    3000

  • startup_key

    Windows Host Process

  • subdirectory

    Windows

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • Client-built.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
