General

  • Target

    keysercracked.rar

  • Size

    1.0MB

  • MD5

    af287f435ab3ef603b3466139b9744f2

  • SHA1

    f045e427fe709dfbf9a5c7cd31ad63bac744e80d

  • SHA256

    daf48dfcff237bc1883b9b0005b0a3ea92880e0d561ad4127de2076542252aa5

  • SHA512

    d433daa4426d43027f2e45444e1ea595d8475381b8e157c9a70fa954844b4bb6453cef918c486043e742388528541591cbf2f0a65604206fa1035f6216f5d4af

  • SSDEEP

    24576:tTDRFI8lU6K30gR+eXJETFMAg5z/xUyvjW/A:tTD48lU6K3+OJEBMAgp/xUy7WY

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

daddyspooferv1.4

C2

192.168.56.1:4782

192.168.56.1:4781

chris1212-43098.portmap.host:4782

chris1212-43098.portmap.host:43098

Mutex

66be076a-c9c1-4ea0-a5c1-d0257b4d87ee

Attributes
  • encryption_key

    D0FBA107AD203B610615E444B23834F88CB58A1D

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Update

  • subdirectory

    clienthost.exe
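
The C2 list above mixes two kinds of entries: 192.168.56.1 is an RFC 1918 address (it is the default VirtualBox host-only adapter address, which usually means the builder was tested against the operator's own VM) and is useless as an external indicator, while the portmap.host names point at a dynamic port-forwarding service and are the entries worth alerting on. The following Python is an added example, not part of the sandbox report and not Quasar's own code; it takes a constructed copy of the config values shown here, classifies each C2 endpoint, and collects the host artefacts (mutex, Run-key value name, install file name) into a hunting summary. The assumption that Quasar persists through a Run-key value named after startup_key is marked in the code.

```python
import ipaddress
from dataclasses import dataclass

# Constructed copy of the values in the "Malware Config" section above.
QUASAR_CONFIG = {
    "family": "quasar",
    "version": "1.4.1",
    "c2": [
        "192.168.56.1:4782",
        "192.168.56.1:4781",
        "chris1212-43098.portmap.host:4782",
        "chris1212-43098.portmap.host:43098",
    ],
    "mutex": "66be076a-c9c1-4ea0-a5c1-d0257b4d87ee",
    "install_name": "Client.exe",
    "startup_key": "Update",
    "subdirectory": "clienthost.exe",
}


@dataclass(frozen=True)
class Endpoint:
    host: str
    port: int
    kind: str               # "private-ip", "public-ip" or "hostname"
    blocklist_worthy: bool  # False for RFC 1918 / loopback / link-local


def parse_endpoint(entry: str) -> Endpoint:
    """Split a Quasar 'host:port' C2 entry and classify the host.

    Only IPv4 literals and DNS names are handled; a bare IPv6 literal
    would need bracket handling that this helper deliberately omits.
    """
    host, sep, port_text = entry.rpartition(":")
    if not sep or not port_text.isdigit():
        raise ValueError(f"not a host:port entry: {entry!r}")
    port = int(port_text)
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {entry!r}")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal, so treat it as a DNS name. Dynamic-forwarding
        # services such as portmap.host are still worth blocking/alerting on.
        return Endpoint(host, port, "hostname", True)
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        # 192.168.56.1 is the default VirtualBox host-only address, which
        # usually means the operator tested the build against their own VM.
        return Endpoint(host, port, "private-ip", False)
    return Endpoint(host, port, "public-ip", True)


def summarize(cfg: dict) -> dict:
    """Turn the extracted config into network and host artefacts for hunting."""
    endpoints = [parse_endpoint(e) for e in cfg["c2"]]
    return {
        "blocklist_hosts": sorted({e.host for e in endpoints if e.blocklist_worthy}),
        "lab_only_hosts": sorted({e.host for e in endpoints if not e.blocklist_worthy}),
        "ports": sorted({e.port for e in endpoints}),
        "mutex": cfg["mutex"],
        # Assumption: Quasar persists by writing its install path as a value
        # named startup_key under the user's (or, if elevated, the machine's)
        # Run key, so that value name is the registry artefact to hunt for.
        "run_value_name": cfg["startup_key"],
        "install_file": cfg["install_name"],
    }


if __name__ == "__main__":
    for key, value in summarize(QUASAR_CONFIG).items():
        print(f"{key}: {value}")
```

Running it prints one blocklist host (the portmap.host name), one lab-only host (192.168.56.1), the three ports, and the mutex and Run-key value name to search for on endpoints.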

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for a missing Authenticode signature.

Files

  • keysercracked.rar
    .rar
  • keysercheetos.exe
    .exe windows:4 windows x86 arch:x86

    MD5 f34d5f2d4577ed6d9ceec516c1f5a744

  • readme.txt