General

  • Target

    ce77c5f039801216f1bfc23b75cb23b4bd1e2f469bf2c404652f21e6b362832a

  • Size

    3.1MB

  • Sample

    231108-mt72wahh2x

  • MD5

    883ae1df90fc932ea299b3feabb704d5

  • SHA1

    81036168cd80ca1aa8405e8ca407b94d2edf8239

  • SHA256

    ce77c5f039801216f1bfc23b75cb23b4bd1e2f469bf2c404652f21e6b362832a

  • SHA512

    52d60d278c292e5b5b70d3a78ffff10f297f01ed67bb61cfc779f0f9bd8bc2abfa475f8e8380a352198a2373646d20526d0705015a09709a3614479219e1ce00

  • SSDEEP

    49152:2vOI22SsaNYfdPBldt698dBcjHXjRJ6TbR3LoGd69THHB72eh2NT:2vj22SsaNYfdPBldt6+dBcjHXjRJ6F

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

154.9.253.177:4782

Mutex

042704a9-d5ef-4f19-8977-836e363ce545

Attributes
  • encryption_key

    F316950DD7A20E38BC0F9A281A1D2DFF277BA603

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir
