General

  • Target: solaris-cracked.exe
  • Size: 3.1MB
  • MD5: ac85eaa17d9c8e9c54f34bde2eb28d3a
  • SHA1: 282725d2ccb8e000917ce5cb513e72c127416cd4
  • SHA256: 48b9efb682d2cd81f83d183dfafc1af2c4688ee2b4e7c13bba02aa7d4415b3d7
  • SHA512: 341f646378f9d8179907d5c5bfd391cb76bcc9f0de6bbda5c12978e9820bf74c924f9088b714fe0fd0d3a59709069825aa1b362a6bdf207cb5ad5f09dac8779f
  • SSDEEP: 49152:yvbI22SsaNYfdPBldt698dBcjHsW+RJ6DbR3LoGdrTHHB72eh2NT:yvk22SsaNYfdPBldt6+dBcjHs3RJ61

Score
10/10

Malware Config

Extracted

  • Family: quasar
  • Version: 1.4.1
  • Botnet: Office04
  • C2: 192.168.4.63:4782
  • Mutex: 9673d61d-ce11-4a8b-bb07-673110a37bd4

Attributes

  • encryption_key: E82C59158D805AC8DAE708B54BEAF999E98A2E56
  • install_name: Client.exe
  • log_directory: Logs
  • reconnect_delay: 3000
  • startup_key: Quasar Client Startup
  • subdirectory: SubDir

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC): checks for missing Authenticode signature.

Files

  • solaris-cracked.exe (.exe, windows x86)

    f34d5f2d4577ed6d9ceec516c1f5a744

