Overview

overview

10

Static

static

10

Neverlose-...in.zip

windows10-1703-x64

10

Neverlose-...er.exe

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Neverlose-Loader-main.zip

  • Size

    227KB

  • MD5

    46de2e1c007d56e22e8abc7885af8bbe

  • SHA1

    0f780f64ea2c22302f8e08a527d5a04fd429aba5

  • SHA256

    e20f97d57623732bc8c216d8fb182f37b09934728ffa833c12a98a0c0c0957d5

  • SHA512

    3bb1a51eea02dbf8d4e7c8fa88e6dae2efedb8d614d64c998c7508e13b3063b7fa7ae48f60196bf9a40045511e17e424ab1b7a30bcef6898acda657ea9c595cf

  • SSDEEP

    6144:B19gu5MiTpOZxQrT56mzfV5bFW1cSguff:BwMJTFo+V5bu1guX

Score
10/10
office04quasar

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Office04

C2

192.168.31.99:4782

2001:4bc9:1f98:a4e::676:4782

255.255.255.0:4782

fe80::cabf:4cff:fe84:9572%17:4782
Mutex

1f65a787-81b8-4955-95e4-b7751e10cd50

Attributes
  • encryption_key

    A0B82A50BBC49EC084E3E53A9E34DF58BD7050B9

  • install_name

    Neverlose Loader.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Java Updater

  • subdirectory

    SubDir

Signatures

  • Quasar family
    quasar
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • Neverlose-Loader-main.zip
    .zip
  • Neverlose-Loader-main/Neverlose Loader.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections