General

  • Target

    cca1725d99ffece2b6c33414d35f12079a32f6c86feed3c25e73065844f00c9f.exe

  • Size

    3.1MB

  • MD5

    dd7a806c734df62ecf4802977fa0b3e9

  • SHA1

    42eae42e0fcfe9d9a54e493a670adde5241377da

  • SHA256

    cca1725d99ffece2b6c33414d35f12079a32f6c86feed3c25e73065844f00c9f

  • SHA512

    0f8e2e565b40baabdde4018db57e06aee8e8dfeb4b1491e8e02e56a20e6b55bc1130ed74a702c35e043d4886af969af5d8ca26f5caeb0e96694982ecfbc80bbf

  • SSDEEP

    49152:yvkt62XlaSFNWPjljiFa2RoUYIO8RJ6IbR3LoGdaTHHB72eh2NT:yv462XlaSFNWPjljiFXRoUYIO8RJ6i

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Aryszx

C2

Apichat:4782

Mutex

181f4a12-4cad-46a9-9896-1001033c5b69

Attributes
  • encryption_key

    F4F359BEF442D9221F73F7D64267E0E300CC68CE

  • install_name

    Runtime Broker.exe

  • log_directory

    Logs

  • reconnect_delay

    1

  • startup_key

    Runtime Broker

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • cca1725d99ffece2b6c33414d35f12079a32f6c86feed3c25e73065844f00c9f.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections