Resubmissions

05/05/2024, 16:37

240505-t5an3sfa2v 10

05/05/2024, 14:01

240505-rbh29aca5x 10

General

  • Target

    gorilla tag unbanner.exe

  • Size

    3.1MB

  • MD5

    dcc9008554ff51c1e83ce79cbf0b1853

  • SHA1

    61b842981e61a5433eec233698d176806d3e0842

  • SHA256

    688cbd72d84e023d52b26b8dda9d38b853eb77bf767cf5af3a263c0a34b80a3c

  • SHA512

    9876121d2864cc451f8ef384c555681e57512131836e17f4a14cb94241ad09bcb703f7565256db89ca4961d1df42ed2b080670e38d53d521a35f4eb90fdbfff6

  • SSDEEP

    49152:bvvI22SsaNYfdPBldt698dBcjHLn+y+BxefoGdsW8THHB72eh2NT:bvg22SsaNYfdPBldt6+dBcjH7+yz

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.52.1:4782

Mutex

1ad97fdd-48b7-45ef-9add-0e87268e3322

Attributes
  • encryption_key

    C5E3382A0ADEB8FC87C6ADC1DC088AFDEB6B7A26

  • install_name

    client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • gorilla tag unbanner.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
