General

  • Target

    50ac75d3218d94d21c6a105fb70515b7c107ddd6b19729305181952d3c319906

  • Size

    3.1MB

  • MD5

    04d15829766011728efd73fcccc336ee

  • SHA1

    ce5ecb155d8f0ffd994c97463717091cd3a783e9

  • SHA256

    50ac75d3218d94d21c6a105fb70515b7c107ddd6b19729305181952d3c319906

  • SHA512

    345570f69d7a12125cfcec91af7a0862b9a1d3b17294cacb493fd17a68894cfc703212c7d9c47b0228f0359d14a220dae3593b639c63c3bb761ab24009b840a9

  • SSDEEP

    49152:evgt62XlaSFNWPjljiFa2RoUYIciRJ6AbR3LoGdptYLvTHHB72eh2NT:evM62XlaSFNWPjljiFXRoUYIciRJ6aZ

Score

10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

34.118.240.134:4782

Mutex

3883ec68-2e6b-4205-9c46-309374d0dbd5

Attributes
  • encryption_key

    A017538C132243F782A50E3E3600DE3A100F19FA

  • install_name

    yuke.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Google Chrome

  • subdirectory

    sub

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 50ac75d3218d94d21c6a105fb70515b7c107ddd6b19729305181952d3c319906
    .exe windows:4 windows x86