General

  • Target

    532-78-0x0000000000400000-0x0000000000724000-memory.dmp

  • Size

    3.1MB

  • MD5

    03c7b376ad3754420309c42f8b84cf7c

  • SHA1

    26289533f656afb9aa4a78fa6bbb61e714fbdd51

  • SHA256

    6d0c093c77e6f3f5a1a7ddd90c2472f02bf62558596fd29775cfef786cc17d9b

  • SHA512

    546d2a2790ef34da9bf67abe42040830f05b26eea3e022b177406a8291365ad2711d84352f216284bda56e305ba35f4e524dc5b4a92fcfa30b73c5ee0546f6a8

  • SSDEEP

    49152:uvGlL26AaNeWgPhlmVqvMQ7XSKMwG/oGHEy/THHB72eh2NT:uvGL26AaNeWgPhlmVqkQ7XSKMw2

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

microsoftbackup.duckdns.org:47600

Mutex

b97303a2-a8f5-4170-91c1-56adceee5081

Attributes
  • encryption_key

    A31E078A7CC45D3676D5AE3FB460C3E365219397

  • install_name

    Client.exe

  • log_directory

    Log

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 532-78-0x0000000000400000-0x0000000000724000-memory.dmp
    .exe windows:4 windows x86 arch:x86
