General

  • Target

    c5cb97fbe4243df1a99a9c82f44ad555f283fad9f4b15b791faebe5048c8fc99.exe

  • Size

    3.1MB

  • MD5

    3e8b57c2be9df63483a368b71ccb938b

  • SHA1

    deb26a1b7f616c8d392ae55dd279140b034a4060

  • SHA256

    c5cb97fbe4243df1a99a9c82f44ad555f283fad9f4b15b791faebe5048c8fc99

  • SHA512

    c7d646c84531b6f182820a3cebc1779ef87bd0c92aeabccb922b685f040371d251b0da15fd5ecaa54dfe315560bba807a87aed2f44dbc0fce9703b5c0f4ee7e5

  • SSDEEP

    49152:Dvwt62XlaSFNWPjljiFa2RoUYIMIW+sWvoGdBNZTHHB72eh2NT:Dv862XlaSFNWPjljiFXRoUYIjW+s6

Score
10/10

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    Long Leg

  • C2

    twart.myfirewall.org:9792

  • Mutex

    0235e291-5d04-4fa3-932c-869aeec51499

Attributes
  • encryption_key

    3145298725BA5E0DD56E87FFE3F8898EA81E6EDA

  • install_name

    workbook.exe

  • log_directory

    Logs

  • reconnect_delay

    6000

  • startup_key

    workbook

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • c5cb97fbe4243df1a99a9c82f44ad555f283fad9f4b15b791faebe5048c8fc99.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
