General

  • Target

    ef7f08ba6d40fb6a41d518c42f5791bb2d9348468c51d6e0356836003503191e

  • Size

    3.1MB

  • Sample

    231226-c9sxsaahem

  • MD5

    7c42ef709161b7d40e6d056c9410ed07

  • SHA1

    6cb8a16d7371c242fdb063713a44a02a441a4849

  • SHA256

    ef7f08ba6d40fb6a41d518c42f5791bb2d9348468c51d6e0356836003503191e

  • SHA512

    0ea7595a12baabb533e8e3bcba73989e6199a5f101e8f0c9f24c4396d2dfe292a62fb556be2d74c0c105cd377a0014989e990b86c0a6e203d097b96df4475b73

  • SSDEEP

    49152:fvGI22SsaNYfdPBldt698dBcjHQVRJ6tbR3LoGdSTHHB72eh2NT:fvL22SsaNYfdPBldt6+dBcjHQVRJ6/

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

101.37.69.75:4782

Mutex

2fbb1666-5749-4fe5-ab71-a6419768cd65

Attributes
  • encryption_key

    1B75943E1426ACBA828FED22296C6D252DFAFCDB

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      ef7f08ba6d40fb6a41d518c42f5791bb2d9348468c51d6e0356836003503191e

    • Size

      3.1MB

    • MD5

      7c42ef709161b7d40e6d056c9410ed07

    • SHA1

      6cb8a16d7371c242fdb063713a44a02a441a4849

    • SHA256

      ef7f08ba6d40fb6a41d518c42f5791bb2d9348468c51d6e0356836003503191e

    • SHA512

      0ea7595a12baabb533e8e3bcba73989e6199a5f101e8f0c9f24c4396d2dfe292a62fb556be2d74c0c105cd377a0014989e990b86c0a6e203d097b96df4475b73

    • SSDEEP

      49152:fvGI22SsaNYfdPBldt698dBcjHQVRJ6tbR3LoGdSTHHB72eh2NT:fvL22SsaNYfdPBldt6+dBcjHQVRJ6/

MITRE ATT&CK Enterprise v15

Tasks