General

  • Target

    7f53287d24ef99c2ba182cc0e201b29c265ea2787edc11893871592fa5b8b0fb

  • Size

    6.8MB

  • MD5

    34fd87508dfbb986bbf5768197bff8aa

  • SHA1

    ddfb44995013672c9a407064e8c79ca489c788a8

  • SHA256

    7f53287d24ef99c2ba182cc0e201b29c265ea2787edc11893871592fa5b8b0fb

  • SHA512

    0eaed6df3ac42686fe74a7bc11ff98c28d594eb2465a0a2ba9902c7c59d10e8758437cc9d050d198db6c9187b8070e392eed28a8c8743e1dcf5bee75484bfed9

  • SSDEEP

    24576:cWLXvqgqyfUrp7eD5Ry9cFkAKqzBfkm5zv0fW8yFAKOt3XvMIZiHI:BLtJiF4RyaXKqzBfkm5wQWKE1

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Criok

C2

ildriendfrirotoi.zapto.org:61790

fruitingsuccess.ignorelist.com:61789

Mutex

QSR_MUTEX_JS7TIscSksvJKrLXxw

Attributes
  • encryption_key

    7RWfQmQNDJPIz1c1QtI1

  • install_name

    Updater.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Windows Update

  • subdirectory

    Windows

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 7f53287d24ef99c2ba182cc0e201b29c265ea2787edc11893871592fa5b8b0fb
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744