General

  • Target

    6ca670555f071e4114ae2bc4875432dc89d77c879ce2af068132023fc4485d08

  • Size

    3.1MB

  • Sample

    231226-c8qe9safhn

  • MD5

    f4397d70e3c4c8f9db08dd279b063c6f

  • SHA1

    0afa3cf8c216507e71f7b0637838b7cc85300070

  • SHA256

    6ca670555f071e4114ae2bc4875432dc89d77c879ce2af068132023fc4485d08

  • SHA512

    acf813dc92e7132b6f3018a294c050c2e98bd15d25c3cccaf73c6427789322ef6de1b67d43fcde497cd4aaea69ec9290e8eb683f7d2e1585bea752f65e40d0bc

  • SSDEEP

    49152:mvHI22SsaNYfdPBldt698dBcjH5cRJ6WbR3LoGdxTHHB72eh2NTC:mvo22SsaNYfdPBldt6+dBcjH5cRJ6Q

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

101.37.69.75:4782

Mutex

2fbb1666-5749-4fe5-ab71-a6419768cd65

Attributes
  • encryption_key

    1B75943E1426ACBA828FED22296C6D252DFAFCDB

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      6ca670555f071e4114ae2bc4875432dc89d77c879ce2af068132023fc4485d08

    • Size

      3.1MB

    • MD5

      f4397d70e3c4c8f9db08dd279b063c6f

    • SHA1

      0afa3cf8c216507e71f7b0637838b7cc85300070

    • SHA256

      6ca670555f071e4114ae2bc4875432dc89d77c879ce2af068132023fc4485d08

    • SHA512

      acf813dc92e7132b6f3018a294c050c2e98bd15d25c3cccaf73c6427789322ef6de1b67d43fcde497cd4aaea69ec9290e8eb683f7d2e1585bea752f65e40d0bc

    • SSDEEP

      49152:mvHI22SsaNYfdPBldt698dBcjH5cRJ6WbR3LoGdxTHHB72eh2NTC:mvo22SsaNYfdPBldt6+dBcjH5cRJ6Q

MITRE ATT&CK Matrix

Tasks