General

  • Target

    3ecf24e572980c093d67046cf6480284f96224e3e887ef3854428e1fec0adc87

  • Size

    348KB

  • MD5

    3227a70d123b9da999bf150fdf605036

  • SHA1

    1b959876c589dc17b0d7084a8f3017123e8568af

  • SHA256

    3ecf24e572980c093d67046cf6480284f96224e3e887ef3854428e1fec0adc87

  • SHA512

    1c75060b544047c0a6d39822014c85bb5bba8e14b4432b2a291bc9e2b8e55c156f9736d1483f8f8f226961aa663a9fc20919e6d2812faf38ceb2f262e31ae8ae

  • SSDEEP

    6144:8uwb/c2L0tBYYOtUEbtZTl8MNtX2MwE+:bH2Ll5tVZeMNtX2M7+

Score

10/10

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Office04

C2

188.119.45.143:9896

microsoftstolewindows.duckdns.org:9896

192.168.1.52:9896

Mutex

QSR_MUTEX_ZhL1p5SiHTlBKUYEsI

Attributes
  • encryption_key

    sBg2G8lxZ2VaMwfKc6V3

  • install_name

    svchost.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    svchost

  • subdirectory

    SubDir
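
Turning the extracted config into usable indicators, as an added example that is not part of the sandbox report or of Quasar's own code: the script below copies the C2 list, mutex and sample hashes from this page and classifies each C2 entry. 188.119.45.143 is a public address, microsoftstolewindows.duckdns.org is a dynamic-DNS hostname, and 192.168.1.52 is an RFC 1918 address that only makes sense on the operator's own LAN and must not be pushed to a perimeter blocklist. It then matches the remaining hosts against a few constructed proxy/DNS log lines and the mutex against a constructed list of mutex names. The log lines, the mutex list and the short dynamic-DNS suffix list are assumptions made for the demonstration.

```python
import ipaddress
import re

# Extracted Quasar config as reported on this page; values copied from the report.
QUASAR_CONFIG = {
    "family": "quasar",
    "version": "1.3.0.0",
    "botnet": "Office04",
    "c2": [
        "188.119.45.143:9896",
        "microsoftstolewindows.duckdns.org:9896",
        "192.168.1.52:9896",
    ],
    "mutex": "QSR_MUTEX_ZhL1p5SiHTlBKUYEsI",
    "install_name": "svchost.exe",
    "startup_key": "svchost",
    "subdirectory": "SubDir",
}

# Hashes of the analysed sample, copied from the General section of the report.
SAMPLE_HASHES = {
    "md5": "3227a70d123b9da999bf150fdf605036",
    "sha1": "1b959876c589dc17b0d7084a8f3017123e8568af",
    "sha256": "3ecf24e572980c093d67046cf6480284f96224e3e887ef3854428e1fec0adc87",
}

# Dynamic-DNS providers whose hostnames are attacker-controlled and cheap to
# rotate. This list is an assumption for the example, not from the report.
DYNDNS_SUFFIXES = (".duckdns.org", ".no-ip.org", ".ddns.net")


def classify_c2(entry):
    """Split 'host:port' and classify the host.

    Returns {'host', 'port', 'kind'} where kind is 'public_ip', 'private_ip',
    'dyndns' or 'domain'. RFC 1918 addresses are flagged so that they are not
    pushed to a perimeter blocklist by mistake.
    """
    host, _, port = entry.rpartition(":")
    try:
        ip = ipaddress.ip_address(host)
        kind = "private_ip" if ip.is_private else "public_ip"
    except ValueError:
        kind = "dyndns" if host.lower().endswith(DYNDNS_SUFFIXES) else "domain"
    return {"host": host, "port": int(port), "kind": kind}


def blockable_c2(config):
    """Return the C2 entries a perimeter blocklist should contain (no RFC 1918)."""
    return [c for c in (classify_c2(e) for e in config["c2"])
            if c["kind"] != "private_ip"]


def match_log_lines(config, lines):
    """Return the log lines that reference any configured C2 host.

    Matching is case-insensitive and anchored on the whole host, so the bare
    provider domain (e.g. 'www.duckdns.org') does not fire.
    """
    hosts = {classify_c2(e)["host"].lower() for e in config["c2"]}
    hits = []
    for line in lines:
        low = line.lower()
        for h in hosts:
            pattern = r"(?<![\w.-])" + re.escape(h) + r"(?![\w-]|\.\w)"
            if re.search(pattern, low):
                hits.append(line)
                break
    return hits


def match_mutex(config, mutex_names):
    """Return the mutex names that equal the configured Quasar mutex."""
    return [m for m in mutex_names if m == config["mutex"]]


# Constructed sample telemetry for the demonstration; not taken from the report.
SAMPLE_PROXY_LOG = [
    "2024-01-01T10:00:00Z CONNECT 188.119.45.143:9896 user=alice",
    "2024-01-01T10:00:05Z DNS microsoftstolewindows.duckdns.org A 188.119.45.143",
    "2024-01-01T10:00:07Z CONNECT updates.example.com:443 user=alice",
    "2024-01-01T10:00:09Z DNS www.duckdns.org A 52.0.0.1",
]
SAMPLE_MUTEXES = ["QSR_MUTEX_ZhL1p5SiHTlBKUYEsI", "Global\\MsWindowsUpdate"]

if __name__ == "__main__":
    for c in blockable_c2(QUASAR_CONFIG):
        print("block", c)
    for line in match_log_lines(QUASAR_CONFIG, SAMPLE_PROXY_LOG):
        print("hit  ", line)
    print("mutex", match_mutex(QUASAR_CONFIG, SAMPLE_MUTEXES))
```

The 192.168.1.52 entry is still worth keeping as a host-side indicator: a process named svchost.exe living in a "SubDir" folder and connecting to port 9896 on a LAN address is itself anomalous, even though the address is meaningless outside the operator's network.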

Signatures

  • Quasar family
  • Quasar payload 1 IoCs

Files

  • 3ecf24e572980c093d67046cf6480284f96224e3e887ef3854428e1fec0adc87
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744
