General

  • Target

    2eda48729dc77cb35b9e5cabda7a63c0daf839df13d4047c70b8dbfa288963ecN.exe

  • Size

    341KB

  • MD5

    b8507ead18b15a807cafd59c14315120

  • SHA1

    0035b089f47d010865b1792e1e8b3774e292f710

  • SHA256

    2eda48729dc77cb35b9e5cabda7a63c0daf839df13d4047c70b8dbfa288963ec

  • SHA512

    80257e8a53e173cd218bb48c9b7cfad6dddb99234c2babef4b0ae1e219b42e1ef47a4851210aa5ec3a52e82da4412b488142ec4d4345e65fa8e7385eb5b655ce

  • SSDEEP

    6144:oLRmi19KZRIo4sY7d+nTzTzTFPsWo2bMmIo7+vfep0:m19KIonkditIoufI0

Score
10/10

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.3.0.0

  • Botnet

    CHAMUTLDA

  • C2

    xowite7203-56864.portmap.host:56864

  • Mutex

    QSR_MUTEX_b1MzVBeB2fgsMGAB8R

Attributes
  • encryption_key

    A4r7dFvwva7oUnxJWxHI

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    System

  • subdirectory

    System32

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2eda48729dc77cb35b9e5cabda7a63c0daf839df13d4047c70b8dbfa288963ecN.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744