General
-
Target
229facbf155b85681dbbe760530e79401e30f8cca917c1c93657d2bd7dd3390f
-
Size
348KB
-
MD5
3d18b8eed380078fd6b8790335ef6ebf
-
SHA1
f1f1062cb7b3ed5b7eacb535531e45f1592b7ebf
-
SHA256
229facbf155b85681dbbe760530e79401e30f8cca917c1c93657d2bd7dd3390f
-
SHA512
a1ae71cc2892db5b1da6c95da0ad222eb224512212c778c6c3e548c63b19b42346d25e997358c092f3d5d0b77b026db3fcf70c4d95448043a7d38a7d0531e9df
-
SSDEEP
6144:B16bPXhLApfpbl/FRMTogMH/pbBGIOM9h9+GPw0hXm:LmhApD/MwCIOM0j0hXm
Score
10/10
Malware Config
Extracted
Family
quasar
Version
1.3.0.0
Botnet
ALINA
C2
youtubevideos.duckdns.org:10
Mutex
QSR_MUTEX_in9VG8pkDSHQVhS3MQ
Attributes
-
encryption_key
e902XsAGKQ0V47TRmpUl
-
install_name
csrsss.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
csrss
-
subdirectory
Suberrors
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
229facbf155b85681dbbe760530e79401e30f8cca917c1c93657d2bd7dd3390f
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections