General

  • Target

    Release (1).rar

  • Size

    2.1MB

  • MD5

    d3efe853d6c513b2d6902725046b6ca5

  • SHA1

    c35339b4153832e66876908933636e129f7a1a2c

  • SHA256

    8904d96a473dd52cd5255e046d47148eb27cc778395fff4f220bbb9509f643d8

  • SHA512

    b737ca1a9a89141bfec0c78384b794abc04b141ee5c67425a0f96b2bf44dcd20b40cd8193bc05b83d80f542e1aca99df82e1be5bf0c2c9f8f8f7a83326d537ec

  • SSDEEP

    49152:LcfFNSDhMpeKfGO4xsJsDv+IVFH0xCf33auJ06cwPh2:WnoMrfGOpJsDv+UFHr/5S

Malware Config

Extracted

  • Family

    quasar

  • Version

    3.1.5

  • Botnet

    Office04

  • C2

    147.185.221.19:33587

  • Mutex

    $Sxr-lG7PreqFKmNhJc0CKS

Attributes

  • encryption_key

    11fnZjAdVB1EIQVhl7wn

  • install_name

    DLLrunhost.exe

  • log_directory

    UpdLogs

  • reconnect_delay

    3000

  • startup_key

    WindowsAudioHelper

  • subdirectory

    Windows

Signatures

  • AgentTesla payload 1 IoCs
  • Agenttesla family
  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.

Files

  • Release (1).rar
    .rar
  • Guna.UI2.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa
  • IDTOIPBYR_0.deps.json
  • IDTOIPBYR_0.dll
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
  • IDTOIPBYR_0.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
  • IDTOIPBYR_0.pdb
  • IDTOIPBYR_0.runtimeconfig.json
  • System.Management.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa