General

  • Target: quasar.exe
  • Size: 3.1MB
  • MD5: 8b0270a1fe2e8b6d98bd29ce11d18f9c
  • SHA1: a64f7a329f2e741d6ce6a3dd3a66023e4885f8c7
  • SHA256: e3c05e377bb3d08792a47d2d04488df5048549e96939a7207c5ef14015d2c329
  • SHA512: 52e7f3ace9b489729fa8a0434dd362f88e5af8ec34c36b8f40f05fa8fcbc8316ec1e578d8cc6ea2ae9a1e7c7b06ace205f354562988b4428f34066f17589d168
  • SSDEEP: 49152:Xv9z92YpaQI6oPZlhP3ReybewoMdRJ6XbR3LoGdasTHHB72eh2NT:XvV92YpaQI6oPZlhP3YybewoMdRJ6pK

Score: 10/10

Malware Config

Extracted

  • Family: quasar
  • Version: 1.4.1
  • Botnet: Office04
  • C2:
    192.168.56.1:4782
    93.35.198.71:4782
    7.tcp.eu.ngrok.io:14313:25565
  • Mutex: 63eac64e-75b2-49ce-8a2e-3d1114815132

Attributes

  • encryption_key: 4C728E4D527117B7094ADC3922AFF7A3BF47EF70
  • install_name: WinSysUpdate.exe
  • log_directory: Logs
  • reconnect_delay: 3000
  • startup_key: Quasar Client Startup
  • subdirectory: WinSysAnalisis

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC): checks for missing Authenticode signature.

Files

  • quasar.exe (.exe, windows x86)
    f34d5f2d4577ed6d9ceec516c1f5a744
