General

  • Target: Dell-Spoofer.exe
  • Size: 3.1MB
  • MD5: bb5e24ae449c14d485bffb194bb3326b
  • SHA1: 9e28d1c69ce22f5345c287a7d5fab3aece14ae2d
  • SHA256: 06f7a5380d0d2f23e9c481071e7766486806d38c6cd5785b5897863b481d56d1
  • SHA512: ec00f7318c2ae98d8da730779ee6e85ac7ece211b402f479cef9a4204bddb76fa5073c0d4afc45dcb7a5a48567efa36b8639e4ed39681706d432030df035cf97
  • SSDEEP: 49152:rveI22SsaNYfdPBldt698dBcjHBpRJ6DbR3LoGdnTTHHB72eh2NT:rvT22SsaNYfdPBldt6+dBcjHBpRJ61X

Score: 10/10

Malware Config

Extracted

  • Family: quasar
  • Version: 1.4.1
  • Botnet: Office04
  • C2: ihateniggers5544.ddns.net:8809
  • Mutex: b70e724b-4202-4eaf-b98a-4e60321e81b1

Attributes

  • encryption_key: 17A6263AC244917D1D2FCDF862A8A170BBA832F9
  • install_name: Spoofer39.exe
  • log_directory: Logs
  • reconnect_delay: 3000
  • startup_key: Windows Explorer Management
  • subdirectory: SubDir
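Turning the extracted configuration into detections. The Python below is an added example written for this page; it is not part of the sandbox report and not Quasar's or the sandbox's own code. It derives indicators from the config above (C2 host and port, mutex, install path tail, Run-key value name) and matches them against constructed Sysmon-style key=value events. The event format and field names, the handle-listing line used for the mutex, the assumption that the client installs as <subdirectory>\<install_name> under a build-time base directory, and the assumption that startup_key is the value name written under a ...\Run key are all assumptions of the example.

```python
import re

# Config fields exactly as extracted in the report above
QUASAR_CONFIG = {
    "c2": "ihateniggers5544.ddns.net:8809",
    "mutex": "b70e724b-4202-4eaf-b98a-4e60321e81b1",
    "install_name": "Spoofer39.exe",
    "subdirectory": "SubDir",
    "startup_key": "Windows Explorer Management",
}

# Sysmon field names used by the constructed events below (assumed layout)
PATH_KEYS = ("Image", "ParentImage", "TargetFilename")
TEXT_KEYS = ("CommandLine", "Details")
HOST_KEYS = ("QueryName", "DestinationHostname")


def iocs_from_config(cfg):
    """Turn the extracted config into lower-cased, matchable indicators."""
    host, _, port = cfg["c2"].rpartition(":")
    return {
        "c2_host": host.lower(),
        "c2_port": port,
        "mutex": cfg["mutex"].lower(),
        # Assumption: the client installs as <base dir>\<subdirectory>\<install_name>;
        # the base dir is a build option, so only the tail is matched.
        "install_tail": ("\\" + cfg["subdirectory"] + "\\" + cfg["install_name"]).lower(),
        # Assumption: startup_key is the value name written under a ...\Run key.
        "run_value": ("\\run\\" + cfg["startup_key"]).lower(),
    }


# Key=value pairs; a value runs until the next " Key=" or end of line,
# so values containing spaces (registry paths, command lines) survive.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_event(line):
    """Parse one 'Key=value Key2=value with spaces' line into a dict."""
    return dict(FIELD_RE.findall(line))


def match_event(fields, iocs):
    """Return the set of indicator names one parsed event matches."""
    hits = set()
    port = None
    for key, raw in fields.items():
        val = raw.lower()
        if iocs["mutex"] in val:
            hits.add("mutex")
        if key in HOST_KEYS and val == iocs["c2_host"]:
            hits.add("c2_host")
        if key == "DestinationPort":
            port = val
        if key in PATH_KEYS and val.endswith(iocs["install_tail"]):
            hits.add("install_path")
        if key in TEXT_KEYS and iocs["install_tail"] in val:
            hits.add("install_path")
        if key == "TargetObject" and val.endswith(iocs["run_value"]):
            hits.add("startup_key")
    # A bare port is too weak on its own; count it only next to the C2 host.
    if "c2_host" in hits and port == iocs["c2_port"]:
        hits.add("c2_port")
    return hits


def scan(events, iocs):
    """Return (event index, sorted indicator names) for every matching event."""
    results = []
    for i, line in enumerate(events):
        hits = match_event(parse_event(line), iocs)
        if hits:
            results.append((i, sorted(hits)))
    return results


# Constructed Sysmon-style sample events (not from the sandbox run above). The
# last line imitates a handle listing, since Sysmon does not log mutex creation.
# Lines 4 and 5 are benign-looking controls: a Windows Update lookup and a file
# with the same name outside the expected subdirectory.
SAMPLE_EVENTS = [
    r"EventID=11 Image=C:\Users\victim\Downloads\Dell-Spoofer.exe TargetFilename=C:\Users\victim\AppData\Roaming\SubDir\Spoofer39.exe",
    r"EventID=13 Image=C:\Users\victim\AppData\Roaming\SubDir\Spoofer39.exe TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Windows Explorer Management Details=C:\Users\victim\AppData\Roaming\SubDir\Spoofer39.exe",
    r"EventID=22 Image=C:\Users\victim\AppData\Roaming\SubDir\Spoofer39.exe QueryName=ihateniggers5544.ddns.net",
    r"EventID=3 Image=C:\Users\victim\AppData\Roaming\SubDir\Spoofer39.exe DestinationHostname=ihateniggers5544.ddns.net DestinationPort=8809",
    r"EventID=22 Image=C:\Windows\System32\svchost.exe QueryName=ctldl.windowsupdate.com",
    r"EventID=1 Image=C:\Program Files\Dell\Spoofer39.exe CommandLine=Spoofer39.exe --update",
    r"Handle=0x1a4 Type=Mutant Name=\Sessions\1\BaseNamedObjects\b70e724b-4202-4eaf-b98a-4e60321e81b1",
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS, iocs_from_config(QUASAR_CONFIG)):
        print(idx, hits, SAMPLE_EVENTS[idx][:70])
```

The install path is matched on its tail rather than the bare file name so that an unrelated Spoofer39.exe elsewhere on disk does not fire, and the port is only reported when the same event also carries the C2 hostname; a DDNS hostname and a mutex GUID are the indicators that survive a rebuild with a different install name, so they carry the most weight.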

Signatures

  • Quasar family
  • Quasar payload (1 IoC)

Files

  • Dell-Spoofer.exe (.exe, windows x86)
    f34d5f2d4577ed6d9ceec516c1f5a744