General

  • Target

    RyansProject.rar

  • Size

    1.0MB

  • MD5

    44d6e8a53cff50cc3363e729ce3ecb04

  • SHA1

    c9b66072ab2179194baee927b4ab04d43d64ddf5

  • SHA256

    17f1c062b320bd3c8b938a07f9518affaf837fc253fe20c624187faa114938ae

  • SHA512

    a93a888e5438c9a1d7453874da93d6aa860fd92be616d4a349870f025c3c79ab3ed24403f635d3e1496799930ac08c9c1f58cf0580720a70bbf43c2aaad11189

  • SSDEEP

    24576:chwvvo1pFZy66oGQ87rPp0Zu/mZh0NYUhtSoMnPVPanJbnOgzBgLwKjV:cAQFo66TrhclvZUXS+5OgmwKp

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.1.226:4782

Mutex

aec627fa-aba4-45fa-a0fc-e456110a730a

Attributes
  • encryption_key

    7D414F9EC5601C94A757DDCDCF7C7A7809D8CFD0

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • RyansProject.rar
    .rar
  • RyansProject.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

