General

  • Target

    d4e3e9ccf34249744cc8bbeba02fb11626604b8093edc8d85326b467e6aeb7b1.exe

  • Size

    916KB

  • MD5

    d118789a1d9462d193ddee6a0d798c61

  • SHA1

    23cdc2293ee3e7ad359b518217bd2a91525eb59a

  • SHA256

    d4e3e9ccf34249744cc8bbeba02fb11626604b8093edc8d85326b467e6aeb7b1

  • SHA512

    4c41f62b67885011c9d09e9cc480a4a8354f83a75a13c6bfc70f8563a7a9884f75ae3de83be2fa6585f1c9f7b8e94330086b97fd891f11519d18ee902fbaf7a3

  • SSDEEP

    24576:VAcziHVcYBjF3ZLNfBzVHps1LusJLK1lk8oLE:nziHVcYBjF3ZLNfBzVHpsLk1lk

Score
10/10

Malware Config

Extracted

Family

quasar

Version

2.8.0.1

Botnet

Hotels

C2

23.227.193.34:4449

Mutex

5jEbhOzAJJ3VS1IFbs

Attributes
  • encryption_key

    xnJQsQUB6iQCPz2Qqr4i

  • install_name

    cloud.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Startup
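The configuration fields above are directly usable as detection content. The following is an added example, not part of the sandbox report and not Quasar's own code: it turns the extracted C2, mutex, install name, startup value name and reconnect delay into indicators and runs them over a handful of constructed host telemetry events (a simplified Sysmon-style JSON schema that is an assumption of this example, as are the function names). The reconnect delay is used to spot the fixed-interval reconnect attempts a Quasar client makes when its C2 is unreachable.

```python
"""Derive indicators from the Quasar config extracted above and run them over
constructed telemetry. Added example; event lines and schema are constructed
for illustration and are not from the original report."""
import json

# Values copied from the Malware Config section of the report.
QUASAR_CONFIG = {
    "family": "quasar",
    "version": "2.8.0.1",
    "botnet": "Hotels",
    "c2": ["23.227.193.34:4449"],
    "mutex": "5jEbhOzAJJ3VS1IFbs",
    "install_name": "cloud.exe",
    "startup_key": "Startup",
    "log_directory": "Logs",
    "reconnect_delay": 3000,  # milliseconds between reconnect attempts
}


def build_iocs(config):
    """Turn the extracted config into matchable indicators."""
    c2 = []
    for entry in config["c2"]:
        host, _, port = entry.rpartition(":")
        c2.append((host, int(port)))
    return {
        "c2": c2,
        "mutex": config["mutex"],
        "install_name": config["install_name"].lower(),
        "startup_key": config["startup_key"].lower(),
    }


def match_event(iocs, event):
    """Return the names of the indicators one event hits ([] if none)."""
    hits = []
    kind = event.get("event")
    if kind == "network_connect":
        if (event.get("dst_ip"), event.get("dst_port")) in iocs["c2"]:
            hits.append("c2")
    elif kind == "process_create":
        # Compare only the file name so the drop directory does not matter.
        image = event.get("image", "").replace("\\", "/").rsplit("/", 1)[-1]
        if image.lower() == iocs["install_name"]:
            hits.append("install_name")
    elif kind == "registry_set":
        # startup_key is the value name written under the Run key.
        key = event.get("key", "").lower()
        if key.endswith("\\currentversion\\run\\" + iocs["startup_key"]):
            hits.append("startup_key")
    elif kind == "mutex_create":
        if event.get("name") == iocs["mutex"]:
            hits.append("mutex")
    return hits


def scan(iocs, lines):
    """Run every indicator over JSON event lines; return [(line_no, hits)]."""
    findings = []
    for n, line in enumerate(lines, 1):
        if not line.strip():
            continue
        hits = match_event(iocs, json.loads(line))
        if hits:
            findings.append((n, hits))
    return findings


def beacon_intervals(iocs, lines, reconnect_delay_ms, tolerance_s=0.5):
    """Gaps between C2 connects that sit within tolerance of reconnect_delay."""
    expected = reconnect_delay_ms / 1000.0
    ts = []
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("event") == "network_connect" and \
                (ev.get("dst_ip"), ev.get("dst_port")) in iocs["c2"]:
            ts.append(ev["ts"])
    ts.sort()
    gaps = [round(b - a, 3) for a, b in zip(ts, ts[1:])]
    return [g for g in gaps if abs(g - expected) <= tolerance_s]


# Constructed sample telemetry (not from the original page); 203.0.113.7 is a
# TEST-NET address standing in for benign traffic.
SAMPLE_EVENTS = [
    r'{"event":"process_create","image":"C:\\Users\\bob\\AppData\\Roaming\\cloud.exe","ts":100.0}',
    r'{"event":"registry_set","key":"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Startup","data":"C:\\Users\\bob\\AppData\\Roaming\\cloud.exe","ts":100.2}',
    r'{"event":"mutex_create","name":"5jEbhOzAJJ3VS1IFbs","ts":100.3}',
    r'{"event":"network_connect","dst_ip":"23.227.193.34","dst_port":4449,"ts":101.0}',
    r'{"event":"network_connect","dst_ip":"23.227.193.34","dst_port":4449,"ts":104.1}',
    r'{"event":"network_connect","dst_ip":"23.227.193.34","dst_port":4449,"ts":107.0}',
    r'{"event":"network_connect","dst_ip":"203.0.113.7","dst_port":443,"ts":102.0}',
    r'{"event":"process_create","image":"C:\\Windows\\System32\\svchost.exe","ts":99.0}',
]

if __name__ == "__main__":
    iocs = build_iocs(QUASAR_CONFIG)
    for line_no, hits in scan(iocs, SAMPLE_EVENTS):
        print(f"line {line_no}: {', '.join(hits)}")
    print("reconnect-delay gaps:",
          beacon_intervals(iocs, SAMPLE_EVENTS, QUASAR_CONFIG["reconnect_delay"]))
```

The install name is the weakest of these indicators (cloud.exe is not a distinctive file name), so treat it as supporting evidence next to the C2 address and the mutex rather than as a stand-alone alert. The reconnect-interval check only fires while the client is failing to reach its C2; a connected client keeps one session open and produces no such cadence.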

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for a missing Authenticode signature.

Files

  • d4e3e9ccf34249744cc8bbeba02fb11626604b8093edc8d85326b467e6aeb7b1.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
