General

  • Target

    4100bd9017fe00d79996880d75eab69e25695a6ec0df18b2b3a234887e78e657

  • Size

    475KB

  • MD5

    e9b2bdf91a9717ed43b7a07cc5f6a998

  • SHA1

    babef61296b12ddfbf783b13ff2032bbdba856c0

  • SHA256

    4100bd9017fe00d79996880d75eab69e25695a6ec0df18b2b3a234887e78e657

  • SHA512

    55a69450231df7225d52a17c479f2854c1ccd4c3c97c883fd472f73f136a6c9df5e9e393315d54415530957e9d7cb902c10b58e55111680b3c09a72dddc055c5

  • SSDEEP

    6144:sM1f5Wn6p38CV2bHN+qCgYfIoEvnbbBle1HzgiH:sM1U28CV28gM6B0zLH

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.0.0

Botnet

Default

C2

216.224.126.132:3955

Mutex

74f43955-cbfe-4d73-b6ba-4eaac47ffd10

Attributes
  • encryption_key

    6F01E9B2AD33AB18A99071275DA0D2761925BAA7

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    EchoRAT Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 4100bd9017fe00d79996880d75eab69e25695a6ec0df18b2b3a234887e78e657
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
