General

  • Target

    Force-Op 1.8-1.18.exe

  • Size

    707KB

  • MD5

    33ae1da96e9c7b1516c81001b438ebbf

  • SHA1

    f987a3f11e81df844103bb02e7d1601b67efa0d0

  • SHA256

    47a1cb7fec95d3fa5efe378419774ddf350c529784294a157d3472f4eac431de

  • SHA512

    c5aaa0729cf25d1394633a8a2cc17479d4052472453429b0666779bc0e2cc7ee10158fc44983217bbbb86d54b79b9d3dee870ba8b049a47776eec49ed7e99019

  • SSDEEP

    6144:6TEgdc0YpXF7sMuVRY0zHdjK0JM6YtL7CsiT3PSfcEzOb8U9JBQ2GXtcTR3jeRgJ:6TEgdfYDsMQHBgP7g3KDI/BWcdjeTW1

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

keshavking007 - fake op

C2


Mutex

8fa958f3-080c-47f6-9bf1-9f731ad86335

Attributes
  • encryption_key

    CF458145606195EA0446C7AFD5082150B8DABFFF

  • install_name

    BASServiceClient.exe

  • log_directory

    Logs

  • reconnect_delay

    300

  • startup_key

    Bassic Service Client Startup

  • subdirectory

    SubBASServiceDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs

Files

  • Force-Op 1.8-1.18.exe
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744

