General

  • Target

    213598e4af847a8b3a86a751c7bae705c0ec5efcc957be8e781b800af0e4c42a

  • Size

    3.1MB

  • Sample

    240407-kxz5bshg89

  • MD5

    e6e5b0206d660d8d2b1f95489c47676c

  • SHA1

    b759f8b5d05359bc76231c38fa9a9908833d80f0

  • SHA256

    213598e4af847a8b3a86a751c7bae705c0ec5efcc957be8e781b800af0e4c42a

  • SHA512

    ab9aed935c04cd7cf28b0cc99b4f6c3eeec98e6c87d02fc63901ef535ccaa2ee7c9e88245d77fdf6daff871c8c97cd80e387ec05fd5b9f893c72efee656957c6

  • SSDEEP

    49152:uvbI22SsaNYfdPBldt698dBcjHtcHYmz61oGdJ41THHB72eh2NT:uvk22SsaNYfdPBldt6+dBcjHtcH6

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.192.132:4782

Mutex

676bf7d9-7be2-49c7-8dbc-e7aa151077ef

Attributes
  • encryption_key

    078128392C66507080448E997CEF10A11294A13A

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      213598e4af847a8b3a86a751c7bae705c0ec5efcc957be8e781b800af0e4c42a

    • Size

      3.1MB

    • MD5

      e6e5b0206d660d8d2b1f95489c47676c

    • SHA1

      b759f8b5d05359bc76231c38fa9a9908833d80f0

    • SHA256

      213598e4af847a8b3a86a751c7bae705c0ec5efcc957be8e781b800af0e4c42a

    • SHA512

      ab9aed935c04cd7cf28b0cc99b4f6c3eeec98e6c87d02fc63901ef535ccaa2ee7c9e88245d77fdf6daff871c8c97cd80e387ec05fd5b9f893c72efee656957c6

    • SSDEEP

      49152:uvbI22SsaNYfdPBldt698dBcjHtcHYmz61oGdJ41THHB72eh2NT:uvk22SsaNYfdPBldt6+dBcjHtcH6

MITRE ATT&CK Enterprise v15

Tasks