General

  • Target

    SRCkey.exe

  • Size

    3.1MB

  • MD5

    d0fa55b027cf3268483208bc5087bf14

  • SHA1

    758d9396522e8458159bb7b5186340caf767f691

  • SHA256

    c1fba0fc260e24b6f42a72d8725aac400465890e5ee1a422cd567229ec1609bc

  • SHA512

    418ae9524de8f7326fe77c2664f1cdf2f807c0a50fe6e2619cc32fb863eff08a1b3ec26c029f1e319f540e9074380e8ca2dc9fb3f65e0cb2d26947037967f48b

  • SSDEEP

    49152:PvyI22SsaNYfdPBldt698dBcjHkrRJ6VbR3LoGdGTHHB72eh2NT:Pvf22SsaNYfdPBldt6+dBcjHkrRJ6n

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.8.180:4782

Mutex

b532486b-fe2e-45a2-ac9b-42f784c55957

Attributes
  • encryption_key

    33E00C0591CE60DF8D1A4C8EBCF120A2AD5D348C

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Microsoft defender

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • SRCkey.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections