General

  • Target

    1fc3469378a92b852065e463b99e5b0cab8d8ba9d2fde12c05baa1454673b616

  • Size

    348KB

  • MD5

    99a2e914bbf4c8410c8c57bf24901919

  • SHA1

    8af5cc6ebba0bd365fa8accd92610c71380d93f7

  • SHA256

    1fc3469378a92b852065e463b99e5b0cab8d8ba9d2fde12c05baa1454673b616

  • SHA512

    f3b667faecf82c2b0528be0febcb9d2c21f54725fc2b9be03616c8398d849664571f04dda5364af6dc63d3351f51f5906f9f31fcec8e4b99ea18189d55d824cc

  • SSDEEP

    6144:+uwb/c2L0tR/i/3d96vxbh+fy3+ExETXWg3WKwt4d:hH2L+ive3r+0EqgmK24d

Score
10/10

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.3.0.0

  • Botnet

    Office04

  • C2

    188.119.45.143:9896
    microsoftstolewindows.duckdns.org:9896
    192.168.1.52:9896

  • Mutex

    QSR_MUTEX_cXyKUgoh2Hpnny6zAV

Attributes
  • encryption_key

    GTemocnTKzZZHIqpqBGg

  • install_name

    svchost.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    svchost

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs

Files

  • 1fc3469378a92b852065e463b99e5b0cab8d8ba9d2fde12c05baa1454673b616
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744