General

  • Target

    a338c03483149a3d571177520213e5772d99dac1c53cc026aa848b98c3faf631_JC.exe

  • Size

    3.1MB

  • MD5

    aa7a1bede908ca8d6cbc739897ca39dd

  • SHA1

    3006b21c0e3e7af41bc412fc3c3bd36248f9e2e1

  • SHA256

    a338c03483149a3d571177520213e5772d99dac1c53cc026aa848b98c3faf631

  • SHA512

    f4820517d87df98bc4961437ffe99aece9b8a611a8e8cdb05eed9ce75307d6c6702863280a2508a83f7b46e6ee7609c80e584980a876ee36402670d30ff73dbd

  • SSDEEP

    49152:evkt62XlaSFNWPjljiFa2RoUYIBcRJ6JbR3LoGdCTHHB72eh2NT:ev462XlaSFNWPjljiFXRoUYIBcRJ6L

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

37.139.129.231:4782

Mutex

3ad6baec-5298-42a6-9552-285b62fa02dd

Attributes
  • encryption_key

    9EED1B7D6E8FFA2C046F59574D262777D3A1730F

  • install_name

    Sys.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    SystemProcess

  • subdirectory

    SubDir
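The extracted configuration is enough to hunt for this client on an endpoint: the Run-key value name (startup_key), the install file name under its subdirectory, the single-instance mutex, the keylogger log folder and the C2 socket are all stable for this build, and reconnect_delay gives the retry cadence you would see when the C2 port is closed. The script below is an added example, not part of the sandbox report or of the Quasar project; the EDR-style event records it runs over are constructed, and the assumption that the install folder and the Logs folder live under %APPDATA% is mine (the report gives only the relative names).

```python
"""Hunting checks derived from the Quasar config extracted above.

Added example: not part of the sandbox report or the Quasar project.
All event records below are constructed for illustration.
"""
import hashlib
from datetime import datetime

# Indicators copied from the report.
SAMPLE_SHA256 = "a338c03483149a3d571177520213e5772d99dac1c53cc026aa848b98c3faf631"
C2_HOST, C2_PORT = "37.139.129.231", 4782
MUTEX = "3ad6baec-5298-42a6-9552-285b62fa02dd"
STARTUP_VALUE = "SystemProcess"              # startup_key: value name under ...\CurrentVersion\Run
INSTALL_SUFFIX = "\\subdir\\sys.exe"         # subdirectory + install_name, lower-cased for matching
LOG_DIR_SUFFIX = "\\appdata\\roaming\\logs\\"  # log_directory; placement under %APPDATA% is an assumption
RECONNECT_MS = 3000                          # reconnect_delay: pause between failed connection attempts


def file_hash_matches(data: bytes) -> bool:
    """Exact-match check against the report's SHA256 (quarantine triage)."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


def match_host_events(events):
    """Return (rule_name, event) pairs for registry, file and mutex telemetry."""
    hits = []
    for ev in events:
        kind = ev["type"]
        if kind == "mutex" and ev["name"].lower() == MUTEX:
            hits.append(("quasar_mutex", ev))
        elif kind == "registry":
            if ev["key"].lower().endswith("\\currentversion\\run") and ev["value"] == STARTUP_VALUE:
                hits.append(("quasar_startup_key", ev))
            if ev.get("data", "").lower().endswith(INSTALL_SUFFIX):
                hits.append(("quasar_install_path", ev))
        elif kind == "file":
            path = ev["path"].lower()
            if path.endswith(INSTALL_SUFFIX):
                hits.append(("quasar_install_path", ev))
            elif LOG_DIR_SUFFIX in path:
                hits.append(("quasar_log_dir", ev))
    return hits


def reconnect_attempts(conns, tolerance_ms=250):
    """Count consecutive C2 connection attempts spaced by reconnect_delay.

    When the C2 port refuses connections the client retries every RECONNECT_MS;
    an unreachable host adds the TCP connect timeout to each gap, so widen
    tolerance_ms (or subtract the timeout) when hunting that case.
    """
    stamps = sorted(
        datetime.fromisoformat(c["ts"])
        for c in conns
        if c["dst"] == C2_HOST and c["dport"] == C2_PORT
    )
    return sum(
        1 for a, b in zip(stamps, stamps[1:])
        if abs((b - a).total_seconds() * 1000 - RECONNECT_MS) <= tolerance_ms
    )


# Constructed telemetry (not from the report).
HOST_EVENTS = [
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "SystemProcess", "data": r"C:\Users\alice\AppData\Roaming\SubDir\Sys.exe"},
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "OneDrive", "data": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    {"type": "mutex", "name": "3ad6baec-5298-42a6-9552-285b62fa02dd"},
    {"type": "file", "path": r"C:\Users\alice\AppData\Roaming\Logs\2024-05-01"},
    {"type": "file", "path": r"C:\Program Files\Vendor\Sys.exe"},  # same name, wrong location
]
CONNECTIONS = [
    {"ts": "2024-05-01T10:00:00.000000", "dst": "37.139.129.231", "dport": 4782},
    {"ts": "2024-05-01T10:00:03.010000", "dst": "37.139.129.231", "dport": 4782},
    {"ts": "2024-05-01T10:00:01.500000", "dst": "8.8.8.8", "dport": 53},
    {"ts": "2024-05-01T10:00:06.020000", "dst": "37.139.129.231", "dport": 4782},
    {"ts": "2024-05-01T10:00:09.005000", "dst": "37.139.129.231", "dport": 4782},
    {"ts": "2024-05-01T10:00:40.000000", "dst": "37.139.129.231", "dport": 4782},  # session up, no retry cadence
]


def hunt(host_events=HOST_EVENTS, conns=CONNECTIONS):
    """Summarise rule hits; a real caller feeds EDR and netflow records here."""
    summary = {}
    for rule, _ in match_host_events(host_events):
        summary[rule] = summary.get(rule, 0) + 1
    summary["quasar_reconnect_cadence"] = reconnect_attempts(conns)
    return summary


if __name__ == "__main__":
    for rule, count in sorted(hunt().items()):
        print(f"{rule}: {count}")
```

The path checks match on suffix rather than a full path because the operator-chosen base folder is not in the extracted config; the file-name-only event under Program Files is deliberately not matched, which keeps the rule from firing on an unrelated Sys.exe. The reconnect check is only meaningful while the C2 is refusing connections; once a session is established the client holds the socket open and the 3-second cadence disappears.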

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • a338c03483149a3d571177520213e5772d99dac1c53cc026aa848b98c3faf631_JC.exe
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections