General

  • Target

    Client-built.exe

  • Size

    3.4MB

  • MD5

    92ef6e944f11d3582ef138ffd0cd5b37

  • SHA1

    3e94571815b703aec95efd4bf9e88085f4d12abd

  • SHA256

    6f123aca70739fbbe50ebadddf7fa7a5d43c660997d99089d8934e20a10c89eb

  • SHA512

    70ce8a7f79af32c64a4519b75e5e4de00f960b1f7188c4a54a6c4305f999cd8dc4ffe4eb61dd6f430362bd97d7b5c348d20a2980cd9be8c75922599ccff33382

  • SSDEEP

    98304:DvuL26AaNeWgPhlmVqkQ7XSKEQQupn5RpW34fW+BxKSWv:ru4S+Q+0I3BYX

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.56.1:4782

192.168.1.93:4782

Mutex

e9b5a8e3-2ffb-4d65-856a-8802f3e906e2

Attributes
  • encryption_key

    171BABC024DB8B81031E32E5C02FCD5588448502

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • Client-built.exe
    .exe windows:4 windows x86 arch:x86

    Password: afe43

    f34d5f2d4577ed6d9ceec516c1f5a744

