General

  • Target: Client-built.exe
  • Size: 3.1MB
  • MD5: 65f560332bf2182421fe64870a52f4b2
  • SHA1: f2379252646dd6af1518ea54837ec6e23cc5a174
  • SHA256: 2934474f4672a2c5edf3c1e32822100b486530b69be7bfc83824d6a3f18e8438
  • SHA512: 3d1dd205dfcc29faab31a1df3e800d35d09c9d184d39b83e508dd23e821574451f05e4119c22203978074a0304892322a8a38e4a2018bde2595f146094aea023
  • SSDEEP: 49152:gvplW2p9agXI2PrlTnr4BZmFzeqEwaBxmcoGdTrTHHB72eh2NT:gvHW2p9agXI2PrlTnrmZmFzeBwuD

Score
10/10

Malware Config

Extracted

  • Family: quasar
  • Version: 1.4.1
  • Botnet: os
  • C2:
      192.168.12.144:4782
      2607:fb91:789:644:42e:9308:c1bf:5574:4782
      192.168.12.1:4782
  • Mutex: ed5e9894-fa68-429b-af19-40423a5eb03e

Attributes

  • encryption_key: 816786C17BE34740EBDD613A07ED84B7070346E5
  • install_name: system runtime enironment.exe
  • log_directory: Logs
  • reconnect_delay: 3000
  • startup_key: system runtime environment
  • subdirectory: SubDir

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC): checks for missing Authenticode signature.

Files

  • Client-built.exe
    Type: .exe windows:4 windows x86 arch:x86
    MD5: f34d5f2d4577ed6d9ceec516c1f5a744