Overview

overview

10

Static

static

10

SGVPClientUsers.exe

windows7-x64

10

SGVPClientUsers.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SGVPClientUsers.exe

  • Size

    3.1MB

  • MD5

    2fcfe990de818ff742c6723b8c6e0d33

  • SHA1

    9d42cce564dcfa27b2c99450f54ba36d4b6eecaf

  • SHA256

    cb731802d3cd29da2c01ffbb8c8ed4ef7de9d91c133b69b974583bede6bfd740

  • SHA512

    4f20a27817de94a07071960abe0123277c0607a26de709e2ade201597df71d8c2eec7da353efba94dc6a8369b89db4caeaf9505d02b90dc30c37010a885c3613

  • SSDEEP

    49152:PvXz92YpaQI6oPZlhP3Reybewoklwuv1JHloGGWTHHB72eh2NT:PvD92YpaQI6oPZlhP3YybewoklwuV

Score
10/10
sgvpquasar

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

SGVP

C2

192.168.1.9:4782

150.129.206.176:4782

Ai-Sgvp-33452.portmap.host:33452
Mutex

a35ec7b7-5a95-4207-8f25-7af0a7847fa5

Attributes
  • encryption_key

    09BBDA8FF0524296F02F8F81158F33C0AA74D487

  • install_name

    User Application Data.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Windowns Client Startup

  • subdirectory

    Quasar

Signatures

  • Quasar family
    quasar
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • SGVPClientUsers.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections