Resubmissions

03/01/2023, 23:51

230103-3v4zlsge6z 10

03/01/2023, 23:11

230103-26p46age3w 10

General

  • Target

    Win64Sys.exe

  • Size

    378KB

  • MD5

    361ee66ffa93eda7d78eb4a5d14bfd57

  • SHA1

    e8157e8283a3f8eb7390d45b98ae4d32c53ce273

  • SHA256

    8f42439424657a1b5f08a2ec107041b5a7e01129dd40bb08fa04659b70d90567

  • SHA512

    19fd3a727bdd1222e8cb859fa09f89fcd075c761ffeaa0a5b69c20faa4782de26157e446f6d548da5c3b2bf203d9aace78d963b7566c3fbbbe9a3c5c26d9f0d6

  • SSDEEP

    6144:+KMJx4pweP7kJS3irzPchzCSfj654xCbjj0P4MkV45M9TP:+KoSckh9765EAj0NHM9TP

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Office04

C2

stuhowe.ddns.net:4782

Mutex

QSR_MUTEX_X4mfjPTkLaQEdjHzYF

Attributes
  • encryption_key

    9FBvOmlVpI0GOzCn9KhI

  • install_name

    Win64Sys.exe

  • log_directory

    Keys

  • reconnect_delay

    3000

  • startup_key

    Windows x64 System Client

  • subdirectory

    Micosoft

Signatures

  • Quasar family
  • Quasar payload 1 IoCs

Files

  • Win64Sys.exe
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744

