General

  • Target: test.exe
  • Size: 3.3MB
  • MD5: fbeec3a99ddfa31e7aac9b09f4ca8158
  • SHA1: 2b66e39b1e98320db37578a317021f870a39302b
  • SHA256: 6aada60dd11d7a1157b24ccffa3d6ef2b5200487779ea648c36a92ffdba93af8
  • SHA512: 62bc3ee9f312d341116c37c8c0e781896699aa598e7904c2eb6fe5374aa17eda77fa053346e9909bf5677b4ccd59e7ea8e6d4ac5c637f434532abd040f24f88d
  • SSDEEP: 49152:KvyI22SsaNYfdPBldt698dBcjHdffaBxtFoGdKTHHB72eh2NT:Kvf22SsaNYfdPBldt6+dBcjHRfK

Score: 10/10

Malware Config

Extracted

  • Family: quasar
  • Version: 1.4.1
  • Botnet: Office04
  • C2: 192.168.0.220:1234
  • Mutex: 1086eee1-251e-49e1-b643-b2a2bc0e42ea

Attributes

  • encryption_key: A0937AB413B78114B0DA85D9EA95BA3AF9187438
  • install_name: Updater.exe
  • log_directory: Logs
  • reconnect_delay: 3000
  • startup_key: Application Frame Handler
  • subdirectory: Security

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC): checks for missing Authenticode signature.

Files

  • test.exe
    .exe windows:4 windows x86 arch:x86
    Password: testvirus
    f34d5f2d4577ed6d9ceec516c1f5a744