General

  • Target

    Client-built.exe

  • Size

    3.1MB

  • MD5

    b29a2d70ef8fdca191e1ec922f1da2db

  • SHA1

    c3e3e39f81debd63c75b51dfa465b751cac8e610

  • SHA256

    99c8f5476c5197182fca664a0321e42a05edb8c116ca8a1902c915ada089daf9

  • SHA512

    7857c728935486282d6fa47513c2a3bc008f7065302d3ff3938dcf4b00037c387982055e3d29a3b64d66107b0710167e0179182346cde8e2423506b35f8bea49

  • SSDEEP

    49152:XvxG42pda6D+/PjlLOlg6yQipVO1kxNESEDk/i9LoGdkTHHB72eh2NT:XvA42pda6D+/PjlLOlZyQipVskxm1

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

mes:4782

90.255.152.189:4782

90.255.152.189:8080

Mutex

2cc3d7d3-cfe8-4d6e-a382-f8b0aa2fb36d

Attributes
  • encryption_key

    FF346F4D8C2E655B32CE303AC58160A19281AFEA

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Windows Power Tools

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • Client-built.exe
    .exe windows:4 windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections