General

  • Target

    495058aeaf20ed292bfd433eb7bfa85c7fca16fd7da9174169327d7ed59a4709

  • Size

    3.1MB

  • MD5

    fd498a7e4ed986702fc761ab1c4a81e9

  • SHA1

    e692d2d82b6479236d804fcdf1707cc9dc8d83e3

  • SHA256

    495058aeaf20ed292bfd433eb7bfa85c7fca16fd7da9174169327d7ed59a4709

  • SHA512

    97d0a48a97bc1b330c44610ee33022fa4bc8f1077338ca69eaf627bd2ca6ae6dfdc86a08cf95d79502a93dac6fe72da4fa58b25cea0a9024f3b4c74d52db88c8

  • SSDEEP

    49152:evXt62XlaSFNWPjljiFa2RoUYI2DNk9hivJ6LoGdTTHHB72eh2NT:ev962XlaSFNWPjljiFXRoUYIphL

Score

  10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

172.20.150.175:8808

Mutex

1eb0a79a-787c-4beb-a7fe-0b2cfd667fa6

Attributes
  • encryption_key

    C29B7F15245870C49876E2EE9D4791A3D8C283C5

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    1500

  • startup_key

    tanium

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 495058aeaf20ed292bfd433eb7bfa85c7fca16fd7da9174169327d7ed59a4709
    .exe windows:4 windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744
