General

  • Target: Client-built.bin.zip
  • Size: 220KB
  • MD5: ed301a5946cf592c25783acb7acc2a7c
  • SHA1: 2db3ab2696a465e7504baf39bb6de9f13e2b3bf7
  • SHA256: 9f116e02071b903b2d5b85cc56121add48f477a4a4df615e061147b10fe5aed2
  • SHA512: 46f72a6650f8d731481844d65c6a949c1fafc84ba561836540d6649efe76bec8fa0e16f63613054594c22108702c00dee1f8e8b38521216e6471703e042feebd
  • SSDEEP: 6144:Q4itgOvbBShO1X27YZvnV31szOJAASYNUofRVDPm9+Wmns:5EgOohMXAE1iGtSqUofRldWZ

Score
10/10

Malware Config

Extracted

  • Family: quasar
  • Version: 1.4.0
  • Botnet: Office04
  • C2: b00t2root{beware_of_rats}:4782
  • Mutex: ad75b00d-a5f5-4610-b92e-49089054238c

Attributes

  • encryption_key: 2FA9AEBF5BFA7BCA311FBD75F4D348C08FA15CEF
  • install_name: Client.exe
  • log_directory: Logs
  • reconnect_delay: 3000
  • startup_key: Quasar Client Startup
  • subdirectory: SubDir

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC): checks for a missing Authenticode signature.

Files

  • Client-built.bin.zip (.zip), archive password: infected
  • Client-built.bin (.exe, windows:4 windows x86), archive password: infected
    f34d5f2d4577ed6d9ceec516c1f5a744
