General

  • Target

    73cccea9d49d5ce21d970cae4a15f1b91cf60958b14bf073fe74a001320b9792.exe

  • Size

    3.1MB

  • MD5

    2509e17e01e8d4e592e91f72527e8d8a

  • SHA1

    0b9fae7588b07589c419b3b33383f60a653a0177

  • SHA256

    73cccea9d49d5ce21d970cae4a15f1b91cf60958b14bf073fe74a001320b9792

  • SHA512

    67c45daab9ded46c97d49993c86272ce361e99fb9e26f82689d6a9c815132489d95943d3ca3d1581a5096eabd558f596c05bb937b48fb5952a3776773deed674

  • SSDEEP

    49152:Ovwt62XlaSFNWPjljiFa2RoUYIYUYkoBLJLoGAHTHHB72eh2NT:Ov862XlaSFNWPjljiFXRoUYIYrkM

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

OfficeJJ

C2

alabama.myddns.me:5555

Mutex

3bfcc63d-287a-4281-b45c-7e618ad63ce8

Attributes
  • encryption_key

    5987ABDB44F04A2F8244717C14848E28EF12042C

  • install_name

    windir.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Windir

  • subdirectory

    WinDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 73cccea9d49d5ce21d970cae4a15f1b91cf60958b14bf073fe74a001320b9792.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
