General

  • Target

    svhoost32x.exe

  • Size

    3.2MB

  • Sample

    250401-s9jxwa1xgt

  • MD5

    60071cd67bf5abd5c7a1e7a3bf293f02

  • SHA1

    20c477d635811d3761c39e4592f7d019618f7414

  • SHA256

    0a3f7a9f6caed009daac061ee2eb60572a42084eabb6248fb802516c835955a4

  • SHA512

    392d2b7f45b3d406be15c4b229cfd938a32d9fffe0bba440e1f76e9387165e1982344b81cc170cb6583d985bb3bedf6eb70fb9f1d5531b755329218f096a4c70

  • SSDEEP

    98304:9vakiJv0vcX3q3WfjYgkkkJWbJVsszKif+ZV/x//sV:otRYcnqWbkc2if4Vp/4

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

albionn12

C2

213.209.150.112:4782

Mutex

97571fd4-bcdb-4663-9b7b-2f6d2712dd11

Attributes
  • encryption_key

    A12AE7759355ACD22659164CA63723220FFE885D

  • install_name

    svhoost 32x.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    svhoost 32x

  • subdirectory

    SubDir

Targets

    • Target

      svhoost32x.exe

    • Size

      3.2MB

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE
