Overview

overview

10

Static

static

10

43e79ab56c...10.exe

windows7-x64

10

43e79ab56c...10.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    43e79ab56cd512db7348129670a3d2bbb652cae64ab7baca0320ab31390a3e10.exe

  • Size

    3.1MB

  • MD5

    f21aa436096afece0b8c39c36bf4a9ab

  • SHA1

    976b74c6a4e59e59a812c06032aae71a0516236a

  • SHA256

    43e79ab56cd512db7348129670a3d2bbb652cae64ab7baca0320ab31390a3e10

  • SHA512

    44500988e32db41452e83fcacfba7862fd1cc28ec1992b9040a408f155a5e6b416feb13dcf5afff690c615d51895476239575601cc255ecfb3973597ca13d15b

  • SSDEEP

    49152:pvrI22SsaNYfdPBldt698dBcjHKO06CBxDPoGd9THHB72eh2NT:pvU22SsaNYfdPBldt6+dBcjH06O

Score
10/10
wenzcordratquasar

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

WenzCordRat

C2

nickhill112-22345.portmap.host:22345

Mutex

7ee1db41-359a-46b2-bba3-791dc7cde5e1

Attributes
  • encryption_key

    985DB7D034DB1B5D52F524873569DDDE4080F31C

  • install_name

    WenzCord.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Update.exe

  • subdirectory

    SubDir

Signatures

  • Quasar family
    quasar
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 43e79ab56cd512db7348129670a3d2bbb652cae64ab7baca0320ab31390a3e10.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections