General

  • Target

    friends forever.exe

  • Size

    3.1MB

  • MD5

    ea836fb4533514a9a0e7e1b79378844d

  • SHA1

    efda5af5b9ee2d3c6f799e23435a1a4b741232e3

  • SHA256

    6f7eb9b82b545931d07d4763a819578e3161f3df295dfcbf6c831be04ee2e61d

  • SHA512

    c116e25c1c4550b4ba66137b442d2b7f372a0ac0f27f016e4e86e81b7c0d3f43c964fac5e8fe611690ea44d3caf27911a135ee3f4e44d8b872ec48576f68623a

  • SSDEEP

    98304:nvSL26AaNeWgPhlmVqkQ7XSKctFxwnys:vC4SR3x0y

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Click Lover

C2

193.161.193.99:44422

Mutex

98bd51bf-11bf-416b-a912-36f489dfdd26

Attributes
  • encryption_key

    2E11DF8B2B2BF1F6C123C50C37AB3BD9FF752BD5

  • install_name

    Video Application.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Video Application

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • friends forever.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

