General
-
Target
b47ac6cd4c95203d406fdae9ee5f4ed0N.exe
-
Size
348KB
-
MD5
b47ac6cd4c95203d406fdae9ee5f4ed0
-
SHA1
5e255e4c7660c2c9f1819a49aec56338d103f84d
-
SHA256
e57d87eb4c317491d133c823d594d4a4db4eb9f45553444e12802c3224daf9af
-
SHA512
9721d2c038b92459c811a6c98957879a1fc8555a70617bed04c599101e6bb8ed8e33019104bec9de7cd311fd2945dab6ba24e8857c019051f6556e54665266c8
-
SSDEEP
6144:aI6bPXhLApfprCpH1iVLIK0Xida5v6trsdQbQ/IJ3z0Vey0rIK:nmhAp5c16Lyrn/IpzWt0kK
Score
10/10
Malware Config
Extracted
Family
quasar
Version
1.3.0.0
Botnet
newffff
C2
windows-defender.com:10
Mutex
QSR_MUTEX_SVa0lIo2mSEjV8UMGD
Attributes
-
encryption_key
66ns531dENyEm8A6GMEO
-
install_name
svchostss.exe
-
log_directory
Logsa
-
reconnect_delay
3000
-
startup_key
svchosts
-
subdirectory
svchostss
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
b47ac6cd4c95203d406fdae9ee5f4ed0N.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections