General

  • Target

    2

  • Size

    2.7MB

  • MD5

    654a5edfc6d36d1d475c50a8c852f2fc

  • SHA1

    48c4da32b00cfcaed25486b9494ec515a1773b40

  • SHA256

    14df5d1e4b0be12a769c1c8ba950c4c2a192cc4f145dbe9decec59bf2706788b

  • SHA512

    9ade8e74584193ddc1f853201b87fb86ba160bf3cc197d17e51109d3b6b46ba1ea658b0a161b2fc321fa12b6ff5466747cc2c0ec71f9fabdacbb356f510752ab

  • SSDEEP

    49152:c0xDDQQGj33SmdY5sKfLeG2QRaLaOUaO1kcQu79tlTXCyza32ehyfTAm:c0RQQGj33SGmsKfLeG2QRaGOUaO1kcQ6

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Office04

C2

161.97.148.204:1604

Mutex

dabdfe29-55de-460b-9c36-9570f2b03a88

Attributes
  • encryption_key

    4795EB97A05AE5F4E669D4B7FFF6608D94FC9027

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs

Files

  • 2
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744

