General

  • Target

    2416-0-0x0000000000400000-0x0000000000724000-memory.dmp

  • Size

    3.1MB

  • MD5

    8c33d034af3416cfa6d9490ecf0d928e

  • SHA1

    6ad2bf62c48b7e5c20e3660e52f5525b3b2ea730

  • SHA256

    67edadf4f7a30f83a6c7adb4ed4d3cb690b57106e4889565448844558b5d34d3

  • SHA512

    f4bddb24ea5b82874faa8c36254fbaee0bc271c7b067c90007a7757b36bdadf380a7a80b51432b94c6737489a958c1042e1c64bf915510c751e5c514922246f5

  • SSDEEP

    49152:uvWI22SsaNYfdPBldt698dBcjHNW4vpBxq0oGdQ1THHB72eh2NT:uv722SsaNYfdPBldt6+dBcjHNBvR

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

217.196.96.37:5678

Mutex

561ba2d7-836d-4eba-8688-03a4852a44b9

Attributes
  • encryption_key

    B97A933CE9789DFB0A082900F0B084F3B8D36164

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2416-0-0x0000000000400000-0x0000000000724000-memory.dmp
    .exe windows:4 windows x86 arch:x86
