Resubmissions

13-01-2025 00:18

250113-alx6gsypem 10

05-01-2025 12:00

250105-n6nz7swjek 10

General

  • Target

    1riage Fiddler shit.zip

  • Size

    28.9MB

  • Sample

    250113-alx6gsypem

  • MD5

    7dec47dd246b6a81c9f0992091ef2d03

  • SHA1

    c46e9addf83d24adeb036b8ed33a6dd13c024ede

  • SHA256

    28327d9e90781c714d6951c767b3fa88396048b81178e9b691ab8edef0e59cf7

  • SHA512

    2b2469a6535a311d8e3cc4fb4b0aac852b3e5a15306d3f53c83255867e61314ba1adb0a1ae2089160b61a48634d388efafda6813c8020b94e2046a57e68a2de6

  • SSDEEP

    786432:CBzytd5XjMdi0R6fu29sdi0R6fu2z+2UqeESHo4t/Isp:YzyRQRd2mRd2fMf

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    robot

  • C2

    tcp://quasarrat12345-50279.portmap.host:50279

  • Mutex

    5b3b6ef6-1f5c-4cf2-a902-f38fc18c6f74

Attributes

  • encryption_key

    044C06AD5B6394C7D3CCD0919FA2C67D30EA87D4

  • install_name

    SolaraV3.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Windows Update

  • subdirectory

    SubDir

Targets

MITRE ATT&CK Enterprise v15

Tasks