General

  • Target

    22.bin

  • Size

    516KB

  • Sample

    230215-jrrqbsad8z

  • MD5

    a8ad80154bfc620f0f525b760757da16

  • SHA1

    fba17f5fdccf55a107bbc55f90ed68d79c0e0f4c

  • SHA256

    d32befde900698b16fdb26329e756b982e3d7016d10c77a504af7eca4a741508

  • SHA512

    79aba85e5bd92f24296b311e7215276a9502a518c38f6034d7b08950d219a663c5b0377639897e1c0e03662e2580434d20b6945f6c339a7748728a97e3af4f64

  • SSDEEP

    6144:R1Up7+qTWMxXf3kZGsYlmKKJBRjAtsvr3GigCI/+ib8F9tWPjpxjCpwsaAOvOu:R1UphaMxvfCGCF/WttYIAOz

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Office04

C2

95.216.102.32:4782

Mutex

d43d9251-a2c6-4b53-b1a7-e1c7204dbfb2

Attributes
  • encryption_key

    B0326395AC2D48856CAE22978A087DF5DCF5816D

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Update

  • subdirectory

    SubDir
