General

  • Target

    4c9fda48a95f89b5a9cd070e9fd77a4c60205e221b682eb6b8d80e7527cafeda

  • Size

    3.1MB

  • MD5

    0e544c7dccc5ac91a382ba67577d7cd6

  • SHA1

    44b0868b7a9b0bf5c20ebeae736ddaeb2385fd92

  • SHA256

    4c9fda48a95f89b5a9cd070e9fd77a4c60205e221b682eb6b8d80e7527cafeda

  • SHA512

    c8544b538f74cfe5b397e958859b6145630db440c6b3700bb3751aa29ed7ac88ab34b9e9896ef70d25275deed05a937b4112932b879db7e93fdd0e2a5929e309

  • SSDEEP

    49152:bv4uf2NUaNmwzPWlvdaKM7ZxTw678gbR4LoGdgaTHHB72eh2NT:bv3f2NUaNmwzPWlvdaB7ZxTw678n

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Stinky

C2

ef3243fsert34.ddns.net:47820

anthonyngati.ddns.net:3872

Mutex

60cba0a9-0a63-450c-9567-57ef0e3c2e24

Attributes
  • encryption_key

    7A23123B6E1E0CCDB27477C6C7654C7BE2FEDE54

  • install_name

    sru.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    xml

  • subdirectory

    sru
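
The extracted configuration above is directly usable as detection input. The following Python is an added example, not part of the Triage report and not Quasar code: it copies the C2, install_name, subdirectory and reconnect_delay values from the config into a small matcher and runs it over constructed (not captured) Zeek-style dns.log and conn.log lines and Sysmon-style image paths. Two caveats are built in. The install base folder is not in the report, so only the trailing subdirectory\install_name components of a path are compared. The C2 entries are dynamic-DNS names whose addresses change, so the connection check does not key on an IP; it keys on the configured ports and on the retry cadence implied by reconnect_delay=3000 (a millisecond sleep between reconnect attempts in the Quasar client), which shows up as repeated failed connects about 3 s apart while the server is unreachable. The column layouts of the sample lines are simplified and are an assumption of the example.

```python
import statistics
from collections import defaultdict

# Values copied from the Malware Config section of this report.
QUASAR_CONFIG = {
    "c2": ["ef3243fsert34.ddns.net:47820", "anthonyngati.ddns.net:3872"],
    "mutex": "60cba0a9-0a63-450c-9567-57ef0e3c2e24",
    "install_name": "sru.exe",
    "subdirectory": "sru",
    "reconnect_delay_ms": 3000,
}


def parse_c2(entries):
    """Split 'host:port' into (host, port); hosts are lowercased for comparison."""
    pairs = []
    for entry in entries:
        host, _, port = entry.rpartition(":")
        pairs.append((host.lower(), int(port)))
    return pairs


C2 = parse_c2(QUASAR_CONFIG["c2"])
C2_HOSTS = {host for host, _ in C2}
C2_PORTS = {port for _, port in C2}

# Constructed Zeek-style dns.log lines: ts, uid, src, query (tab separated).
SAMPLE_DNS = [
    "1700000000.10\tCa1\t10.0.0.5\tupdate.microsoft.com",
    "1700000001.20\tCa2\t10.0.0.5\tEF3243fsert34.ddns.net",
    "1700000002.30\tCa3\t10.0.0.9\tanthonyngati.ddns.net.",
]

# Constructed Zeek-style conn.log lines: ts, src, dst, dst_port, conn_state.
# The S0 (no reply) attempts from 10.0.0.5 are ~3 s apart, the cadence a
# client with reconnect_delay=3000 produces while its C2 is down.
SAMPLE_CONN = [
    "1700000010.00\t10.0.0.5\t203.0.113.7\t47820\tS0",
    "1700000013.05\t10.0.0.5\t203.0.113.7\t47820\tS0",
    "1700000016.02\t10.0.0.5\t203.0.113.7\t47820\tS0",
    "1700000019.10\t10.0.0.5\t203.0.113.7\t47820\tS0",
    "1700000011.00\t10.0.0.9\t198.51.100.2\t443\tSF",
    "1700000012.00\t10.0.0.9\t198.51.100.2\t3872\tS0",
]

# Constructed Sysmon-style Image paths.
SAMPLE_IMAGES = [
    r"C:\Users\alice\AppData\Roaming\sru\sru.exe",
    r"C:\Windows\System32\svchost.exe",
    r"C:\Temp\sru.exe",
]


def match_dns(lines, hosts=C2_HOSTS):
    """(src, query) for every lookup of a configured C2 hostname."""
    hits = []
    for line in lines:
        _ts, _uid, src, query = line.split("\t")
        if query.lower().rstrip(".") in hosts:
            hits.append((src, query))
    return hits


def match_install_path(paths, cfg=QUASAR_CONFIG):
    """Images whose last two path components are <subdirectory>\\<install_name>.
    The base folder is not in the report, so only the tail is compared."""
    tail = (cfg["subdirectory"].lower(), cfg["install_name"].lower())
    return [p for p in paths
            if tuple(p.lower().replace("/", "\\").split("\\")[-2:]) == tail]


def beacon_candidates(lines, ports=C2_PORTS,
                      delay_ms=QUASAR_CONFIG["reconnect_delay_ms"],
                      tolerance=0.25, min_attempts=3):
    """Group failed (S0) connects to a C2 port by (src, dst, port) and return
    the groups whose median inter-attempt gap is within `tolerance` of
    reconnect_delay; one or two stray failed connects are not enough."""
    attempts = defaultdict(list)
    for line in lines:
        ts, src, dst, port, state = line.split("\t")
        if int(port) in ports and state == "S0":
            attempts[(src, dst, int(port))].append(float(ts))
    expected = delay_ms / 1000.0
    found = []
    for key, stamps in attempts.items():
        if len(stamps) < min_attempts:
            continue
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        median_gap = statistics.median(gaps)
        if abs(median_gap - expected) <= tolerance * expected:
            found.append((key, round(median_gap, 2)))
    return found


if __name__ == "__main__":
    print("DNS hits:", match_dns(SAMPLE_DNS))
    print("Install path hits:", match_install_path(SAMPLE_IMAGES))
    print("Beacon candidates:", beacon_candidates(SAMPLE_CONN))
```

The port-plus-cadence check is deliberately weak on its own (47820 and 3872 are not reserved for anything), so it is meant to be combined with the DNS hit on the same source host or with the resolved address from the DNS answer; the mutex in the config is a host-side indicator and cannot be seen in network logs.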

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 4c9fda48a95f89b5a9cd070e9fd77a4c60205e221b682eb6b8d80e7527cafeda
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744