General
-
Target
f0e2c9077145df06fc292d0d7583c5e5.exe
-
Size
3.1MB
-
MD5
f0e2c9077145df06fc292d0d7583c5e5
-
SHA1
7c6182b7d61fe8a12670021f8499326b83e1e3f4
-
SHA256
a841a1fe8b81516cb7d07d1bf57d663a26ce360e61f2f90c9dc046e9280bd318
-
SHA512
a5a64a73d8d310974849998d7288d763b63397c67d7c4a1cf4102d7bf588b3891af8e7ed6d1322e6e3c35ca258bd06a8d7aa23bda551372ead819fa90126f701
-
SSDEEP
49152:7vmI22SsaNYfdPBldt698dBcjHcHxNESEOk/irLoGdfrTHHB72eh2NT:7vr22SsaNYfdPBldt6+dBcjHIxF3
Score
10/10
Malware Config
Extracted
Family
quasar
Version
1.4.1
Botnet
Office04
C2
gjhfhgdg.insane.wang:3634
Mutex
5943d26f-e34d-4af2-bb6f-9aa3b1840ec8
Attributes
-
encryption_key
997411AC284CD97048B61F90B41B906864F1171B
-
install_name
dfsdff.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
windows defender process
-
subdirectory
fsfsf
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
f0e2c9077145df06fc292d0d7583c5e5.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections