quasar | f7b9f44883cc004d34cd03dd739cbecccb3ff66824856d30dcdc31d6b5165aff[.]zip

General

Target

f7b9f44883cc004d34cd03dd739cbecccb3ff66824856d30dcdc31d6b5165aff.zip
Size

1.2MB
MD5

fc3f4a15cab8a7c0c1eb6e53e22785a8
SHA1

b268f474f7bd8fc916a80c206a6d17d471a72257
SHA256

d80e66bf2994f5b88cc8a69bc53f77066eb13fd42c1488ac91ea68f10edf4d21
SHA512

324bed94499e156c1800b602e91d87ece58af838db6bb98c13d9634d1a3c752f6a8b0684d2c7607937ed23c0a24242f51fb59784671c14105314b06b1e2870f8
SSDEEP

24576:DLwPZaaBul49Z+g/D+JBB7/xry8F3xJXeS6JKo:2IaKuBDKzrkcxJOS6JKo

Score

10^/10

office04 quasar

Family

quasar

Version

1.4.1

Botnet

Office04

C2

thebest39393.ddns.net:8809

Mutex

1224f465-e32d-4085-9a02-731b542e4878

Attributes

Quasar payload 1 IoCs

resource	yara_rule
static1/unpack001/f7b9f44883cc004d34cd03dd739cbecccb3ff66824856d30dcdc31d6b5165aff.exe	family_quasar

f7b9f44883cc004d34cd03dd739cbecccb3ff66824856d30dcdc31d6b5165aff.zip
.zip

Password: infected
f7b9f44883cc004d34cd03dd739cbecccb3ff66824856d30dcdc31d6b5165aff.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ