General
-
Target
185e2153758f94ff134e690e74f875a469b9ac9b58284f8e1482b77c34935c5e
-
Size
358KB
-
MD5
19f081815e6c363fc05fb4e4be28325f
-
SHA1
0ae19dc0f3874f9a80f6bb7c25a2e5b112f452f3
-
SHA256
185e2153758f94ff134e690e74f875a469b9ac9b58284f8e1482b77c34935c5e
-
SHA512
1c27a6c2ba52b0973b6aaea7bc66886400ac2bbd1d29f3512e31419efa8991b31f07d30cdb840b7829a9c2dccc944166889f44c16300fd3a65207fb979c415ac
-
SSDEEP
6144:mbZJrgLF70dPbTIMEnTzTzTF579QlbMUjflrsXc4f4Lnadp0y:O47O/IF79EjfCXcy4jk0y
Score
10/10
Malware Config
Extracted
Family
quasar
Version
1.3.0.0
Botnet
H-A-C-K-E-D
C2
Niverzz-52901.portmap.host:52901
Mutex
QSR_MUTEX_zZK420JELHXuVWHG1x
Attributes
-
encryption_key
1C3jvNao2B1gXCjfEPbY
-
install_name
RuntimeBorker.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Runtime Broker
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
185e2153758f94ff134e690e74f875a469b9ac9b58284f8e1482b77c34935c5e
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections