General

  • Target

    Premium_Cleaner(Cracked by st).exe

  • Size

    3.2MB

  • MD5

    f89428aba2b28f3124d40f262710fc46

  • SHA1

    0b9db50a873682e781b0e378004b0d7e6b415f78

  • SHA256

    e51b436055f0e48e04b3c7c89dce20ac35aef6d63b178c42d6285cf21401ec4a

  • SHA512

    16e576b694ed0ee9796d13504a6489ff501eb2b9cd576e442318090d46f5433afce4ce39d031e8eca92b95a4b90a6dc9926b13d04021ef48d9bf3d8698165540

  • SSDEEP

    49152:QvyI22SsaNYfdPBldt698dBcjHAfRJ6pbR3LoGdFkTHHB72eh2NT:Qvf22SsaNYfdPBldt6+dBcjHAfRJ6r

Score
10/10

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    Office04

  • C2

    Sentiax-51535.portmap.io:51535

  • Mutex

    b16f14a5-eba8-46dc-b974-11a9193ee5c1

Attributes

  • encryption_key

    504CA536F80AA42E62457478D8A6A72CDC6CA06F

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Premium_Cleaner(Cracked by st)

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • Premium_Cleaner(Cracked by st).exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744