General

  • Target

    nw.txt

  • Size

    3.1MB

  • MD5

    9aee6e6aee46936d5f11683b56a4635d

  • SHA1

    27a72d3f6afca56af1d7a30aaaab6b1a325b27f6

  • SHA256

    92d9ebb2cc404dd5121be01e08fbdff816eb49436389e34de43c2183b891026f

  • SHA512

    e14709f290097fa1b9e2510ec02c3f2804d4cc0af81c60ca91fc957f22709e5c596636f9343b8dac118cc519e32c2e33e221566fb5ae422c29cf128948b1c25f

  • SSDEEP

    49152:DvzvE2H5aweBHPbl6T/yGaqA6/VDRJ6ybR3LoGd5THHB72eh2NT:DvDE2H5aweBHPbl6T/DaqA6/VDRJ6s

Score
10/10

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    Certificado2

  • C2

    pajarito25.freedynamicdns.org:8081

    pajarito25.freedynamicdns.org:8080

    181.162.137.153:8080

  • Mutex

    88f93dd2-cb79-4fea-a5bd-8f08ceaa72d7

Attributes
  • encryption_key

    2F7DB670272D6A3F2B9C56A67A873128BBC93653

  • install_name

    localcert.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    localcert

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • nw.txt
    .exe windows:4 windows x86 arch:x86

    Password: 1234

    f34d5f2d4577ed6d9ceec516c1f5a744
