General

  • Target

    0dd4e8e7d52d991a91fe92b18985aa8a.exe

  • Size

    3.3MB

  • Sample

    240626-g1gwdasdlp

  • MD5

    0dd4e8e7d52d991a91fe92b18985aa8a

  • SHA1

    4a14138403945ca46d0389b8ff0870e0a7668394

  • SHA256

    01d7838a7a970a4fca588740cf6f8129f4ae01b0d9936eb43a1aff9436b848a2

  • SHA512

    8bfcb4dfcb1e1eb6878a58ca5b4e6536fa5438e10aaa622b5334361d61b76e6c707d543ee39b19a8774a16338cedd19e67b3a69ce661f493f269d9d4b80e863f

  • SSDEEP

    49152:86AB10yeNg09VzFykrQemyrj6fyAX4935tbgGUVQvAYKO2did9iN88P5skcP:3Y0yeNgOzF/QOrj1AoYiGOyiMT

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office01

C2

117.18.7.76:3782

Mutex

aca38053-8f4c-4318-8064-b82244352311

Attributes
  • encryption_key

    FD2DE574AF7E363A5304DF85B3475F93A948C103

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Windows Client Startup

  • subdirectory

    SubDir

