General

  • Target

    aa.exe

  • Size

    3.1MB

  • MD5

    3e8cdd629813c4e75a1b2e6d6c46d39f

  • SHA1

    98a6b4bcfe37ffc5a8a2884d8b0b1f9b0e5f1444

  • SHA256

    d12e1428a758363be465222740a635e1cce61d4dda7373cfdce035f3051aeccd

  • SHA512

    42491a72c8a60c566b73a15afe67e667242991124fff3420f66d7e8444dc995893fa79a1f32f91d29611410be4c0c651e701e815b01f3d5fbc72ac3e0c048466

  • SSDEEP

    49152:CvUt62XlaSFNWPjljiFa2RoUYIbNRJ6qbR3LoGdpTHHB72eh2NT:CvI62XlaSFNWPjljiFXRoUYIbNRJ6E

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

193.161.193.99:1194

Mutex

37c3d2aa-6a36-4ee8-a4be-f1c3187fbd03

Attributes
  • encryption_key

    E9EE5B51F341491A9CE8837BE89BB18191B86C1E

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    python

  • subdirectory

    SubDir
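The extracted settings above are the most reusable part of this report: Quasar 1.4 opens `mutex` as a named Windows mutex, writes `startup_key` as the value name under the `...\CurrentVersion\Run` key, and drops itself as `<subdirectory>\<install_name>` under its install folder (AppData when not elevated). The script below, added here and not part of the Triage report or of Quasar, turns those values into host and network hunting checks. The netstat rows, Run values and object names it scans are constructed samples. One caveat it encodes: 1194 is the registered OpenVPN port, so a rule on the port alone will be noisy; match on the IP:port pair.

```python
"""Hunting checks derived from the Quasar config extracted above.
Added example; all host observations below are constructed."""
import ipaddress
import re
from dataclasses import dataclass

# Values copied from the "Extracted" section of this report.
QUASAR_CONFIG = {
    "c2": "193.161.193.99:1194",
    "mutex": "37c3d2aa-6a36-4ee8-a4be-f1c3187fbd03",
    "install_name": "Client.exe",
    "subdirectory": "SubDir",
    "startup_key": "python",
}


@dataclass(frozen=True)
class QuasarIndicators:
    c2_ip: str
    c2_port: int
    mutex: str           # Quasar creates this as a named Windows mutex
    path_suffix: str     # "<subdirectory>\<install_name>", lower-cased
    run_value_name: str  # value name written under ...\CurrentVersion\Run


def indicators_from_config(cfg: dict) -> QuasarIndicators:
    host, port = cfg["c2"].rsplit(":", 1)
    ipaddress.ip_address(host)  # the report shows a literal IP; reject hostnames
    return QuasarIndicators(
        c2_ip=host,
        c2_port=int(port),
        mutex=cfg["mutex"].lower(),
        path_suffix=(cfg["subdirectory"] + "\\" + cfg["install_name"]).lower(),
        run_value_name=cfg["startup_key"],
    )


def match_connections(netstat_lines, ind):
    """PIDs with a TCP socket to the C2 ip:port (from `netstat -ano` rows).
    Port alone is not enough: 1194 is the registered OpenVPN port."""
    pids = []
    for line in netstat_lines:
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # header row, or UDP row (no State column)
        remote_ip, remote_port = fields[2].rsplit(":", 1)
        if remote_ip == ind.c2_ip and int(remote_port) == ind.c2_port:
            pids.append(int(fields[4]))
    return pids


_EXE_RE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))')  # first token, quoted or bare


def match_run_values(run_values, ind):
    """Run-key values whose name or target path matches the config."""
    hits = []
    for name, command in run_values.items():
        m = _EXE_RE.match(command)
        exe = (m.group(1) or m.group(2) or "").lower()
        if name == ind.run_value_name or exe.endswith(ind.path_suffix):
            hits.append(name)
    return hits


def match_mutexes(object_names, ind):
    """Named objects whose leaf name equals the configured mutex."""
    return [n for n in object_names if n.rsplit("\\", 1)[-1].lower() == ind.mutex]


def hunt(netstat_lines, run_values, object_names, cfg=QUASAR_CONFIG):
    ind = indicators_from_config(cfg)
    return {
        "c2_pids": match_connections(netstat_lines, ind),
        "run_values": match_run_values(run_values, ind),
        "mutexes": match_mutexes(object_names, ind),
    }


# Constructed host observations (not taken from a real incident).
SAMPLE_NETSTAT = [
    "  Proto  Local Address          Foreign Address        State           PID",
    "  TCP    10.0.0.5:49812         193.161.193.99:1194    ESTABLISHED     4212",
    "  TCP    10.0.0.5:49813         93.184.216.34:443      ESTABLISHED     1104",
    "  UDP    0.0.0.0:5353           *:*                                    1240",
]
SAMPLE_RUN_VALUES = {
    "OneDrive": r"C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background",
    "python": r"C:\Users\bob\AppData\Roaming\SubDir\Client.exe",
}
SAMPLE_OBJECTS = [
    r"\Sessions\1\BaseNamedObjects\37c3d2aa-6a36-4ee8-a4be-f1c3187fbd03",
    r"\BaseNamedObjects\SM0:1104:304:WilStaging_02",
]

if __name__ == "__main__":
    print(hunt(SAMPLE_NETSTAT, SAMPLE_RUN_VALUES, SAMPLE_OBJECTS))
```

On a live host the three inputs would come from `netstat -ano`, the HKCU and HKLM Run keys, and a handle or object listing; the matching is deliberately exact (IP:port pair, full mutex name, path suffix) so that the Run value name `python` alone, which a legitimate installer could also use, is corroborated by the dropped path.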

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • aa.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

