General

  • Target: b52c82a883e375e6c9746970bebbcb650923640bf3064841fe9576dac002e794
  • Size: 3.1MB
  • Sample: 231103-fc382aeb83
  • MD5: c6cd40f9abe3e2f57c2d168a45619f3e
  • SHA1: 7936b73c5553bc7240d7fa212fc53e781b256b9b
  • SHA256: b52c82a883e375e6c9746970bebbcb650923640bf3064841fe9576dac002e794
  • SHA512: f4e4a3c5e1a10a7bbde1d6d98711aa2b749f911e25985524ab87cc36f8187abfabec15358b6ba5423911b8b9f92542048890f2b8d4867d1d1ca52695f5affa85
  • SSDEEP: 49152:zvTlL26AaNeWgPhlmVqvMQ7XSKYxOEMkTk/JxioGdNTHHB72eh2NT:zvJL26AaNeWgPhlmVqkQ7XSKYxKI

Malware Config

Extracted

  • Family: quasar
  • Version: 1.4.1
  • Botnet: Office04
  • C2: johndoenut-37242.portmap.host:37242
  • Mutex: 05d65bcc-6c5f-460e-8d45-6684ae1bccaa

Attributes

  • encryption_key: E344F0D25DB3F3E7A00CE18CF48552DBF8F97F5F
  • install_name: Client.exe
  • log_directory: Logs
  • reconnect_delay: 3000
  • startup_key: Quasar Client Startup
  • subdirectory: SubDir


MITRE ATT&CK Enterprise v15

Tasks