General

  • Target

    Client-built.exe

  • Size

    3.1MB

  • MD5

    8cadd9d05b28bdf0f3caeed0ce516d9c

  • SHA1

    b6b04039117acc2ffaef424eeaf6d99b4086487f

  • SHA256

    7fc8b932158ef8ced6bebf0c254f96cd6cd4cd1a0fd3a90e54652768c477aaf7

  • SHA512

    2e1c01240ac20ac2a374926893fa4796d4f4daa8f479c1c55ad62791ca0cb32cc8baf192d849abefc9c1a88d69045f4aeb563105d5d54fcac049b3b8f2ba7fee

  • SSDEEP

    49152:zvghBYjCO4Dt2d5aKCuVPzlEmVQL0wvwkaj3QaEfeak/l4XoGdPTHHB72eh2NT:zvSt2d5aKCuVPzlEmVQ0wvwfj3QSY

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Manager

C2

serveo.net:11453

Mutex

a851cc5b-e50f-4270-9929-06c6323cdb3d

Attributes
  • encryption_key

    5A3C537E5FB2739D5B2468FC37915D58EF4AC5EA

  • install_name

    Runtime broker.exe

  • log_directory

    Microsoftsessential

  • reconnect_delay

    3000

  • startup_key

    Runtime broker

  • subdirectory

    Microsoft_Essentials

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • Client-built.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections