General
Static task: static1
URLScan task: urlscan1
Malware Config
Extracted
Family: quasar
Version: 1.4.1
Botnet: Office04
C2:
- 192.168.68.119:4782
- realwz-34142.portmap.host:34142
Mutex: 6eb5c908-87fa-4e33-a3b3-a6eaa2455bad
Attributes:
- encryption_key: 458FF650B9D9D277FD5A8DC74175331B7B2FC1B9
- install_name: Downloader.exe
- log_directory: Logs
- reconnect_delay: 3000
- startup_key: SolaraExecutor
- subdirectory: SubDir
Targets
Target: https://github.com/frSouth/Solara/raw/main/Solara%20Executor%20V2.rar
- Quasar payload
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2