General

  • Target

    44070683333d672deb0362e47ec78d7fc21e669f791921a717202a4d7655fb78

  • Size

    3.1MB

  • MD5

    463a276478324b457d7aeac429d98b0d

  • SHA1

    0fce65879c053b7574d8c4a3d72b07e036b67dca

  • SHA256

    44070683333d672deb0362e47ec78d7fc21e669f791921a717202a4d7655fb78

  • SHA512

    fbc48a5cc5e26d06344cb482ce3fe7c145d3a4bfb12f6208ddb7dc5fff066be4ac8124ac7cc3f251dd7be62da3a8715fad62cd6e3710c41571b25012bf1055aa

  • SSDEEP

    49152:fvzlL26AaNeWgPhlmVqvMQ7XSKKpRJ6obR3LoGdZ0THHB72eh2NT:fvpL26AaNeWgPhlmVqkQ7XSKKpRJ6C

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Y

C2

yuyang0608.ddns.net:4782

Mutex

6443e8e5-8305-4e0f-8e29-2602dbfa77d7

Attributes

  • encryption_key

    94C2948484DD46B00530251D2CB1E9495EA8C86F

  • install_name

    Amd Platform Support.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Amd Platform Support

  • subdirectory

    AMD

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 44070683333d672deb0362e47ec78d7fc21e669f791921a717202a4d7655fb78
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744