General
-
Target
888 Rat v1.2.6.zip
-
Size
74.8MB
-
MD5
ed677a2cbd23d1b2e38bab0290a01602
-
SHA1
375c12f74b1f5371d0d00aa4eed090b17f79ab44
-
SHA256
d9626081d2bf9a172e48c533a3a090ea1bea072da069cefd9f0f8df11f68f1b4
-
SHA512
45c84eaf9729b56749497d8097d1718938d7c4733cf9d743170260086944c0f42fdaa316bec7c35957f80c9abeecc1af786793913dee5324788357ed0b16ec22
-
SSDEEP
1572864:DrABerxu4LBvOFD63EdvEJTNnzht3LOPQLVTUEQH4l30o1zWNL:DWkxu+1OU3EdvEfHc2TUEQHidQNL
Score
10/10
Malware Config
Extracted
Family
quasar
Attributes
-
reconnect_delay
3000
Signatures
-
Contains code to disable Windows Defender 1 IoCs
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Quasar family
-
Quasar payload 1 IoCs
-
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
888 Rat v1.2.6.zip
-
888 Rat v1.2.6/888 Rat v1.2.6/888 Rat v1.2.6.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections