General

  • Target

    OperaSetup.exe

  • Size

    3.1MB

  • MD5

    f713bf56ee07e9249115407a3ab956ec

  • SHA1

    3b057cdb4c2d3250c479b31fd8c778e3000af063

  • SHA256

    23f46b2324ef959ac7e6c77af2e3ad207a54dbda8aa8c384696fd00dc930bafa

  • SHA512

    843f9ca18ccdd60406ac234637c7524b3557d1f2f5d235c9da5a27c7e31560f384527a2c2c2325d833a03ece2012fe6b387eb2a740cba7dfe98d7058970449b8

  • SSDEEP

    49152:Bvht62XlaSFNWPjljiFa2RoUYILaTpE1Wk/cloGdSKTHHB72eh2NT:BvL62XlaSFNWPjljiFXRoUYILax

Score

10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Opera

C2

0.tcp.eu.ngrok.io:12857

Mutex

757c01c8-4047-47b2-8a5f-25c063742f99

Attributes
  • encryption_key

    F0EAB171A5D243B6A342E6A883BB228506B7CA17

  • install_name

    OperaSetup.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Opera Launcher

  • subdirectory

    Opera Software

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • OperaSetup.exe
    .exe windows x86

    Password: ffff

    f34d5f2d4577ed6d9ceec516c1f5a744
