General

  • Target: Solara Executor V2.rar
  • Size: 1.2MB
  • MD5: 51e6735ce2042e2ba0c187a3c47ff2df
  • SHA1: 0902722a7e18a5a90c81dc786ab3b5ec616f2d70
  • SHA256: a83f40624d7d8f6f769e672c41a72785bb623fa6f87640aac16cd7300599b21e
  • SHA512: bcd27ec0ef174fd44e8295d84196ea4da9f9f7d15dd9fb814b9a8608c7585e723eb6ad415317648654e3b97a15e35d4b9c9d5702c2e4b55a2f78203fa8d7be72
  • SSDEEP: 24576:w2TfBF51vJNv35DAcR3VXXslc7lHR+tOJyZkZN0z1qCA8G2gA7bprFarC1RuQBrn:w2bBb1vucnnGc7lHRPIyMhA8pgAHpJUY

Score: 10/10

Malware Config

Extracted

  • Family: quasar
  • Version: 1.4.1
  • Botnet: Office04
  • C2:
    192.168.68.119:4782
    realwz-34142.portmap.host:34142
  • Mutex: 6eb5c908-87fa-4e33-a3b3-a6eaa2455bad

Attributes

  • encryption_key: 458FF650B9D9D277FD5A8DC74175331B7B2FC1B9
  • install_name: Downloader.exe
  • log_directory: Logs
  • reconnect_delay: 3000
  • startup_key: SolaraExecutor
  • subdirectory: SubDir

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (2 IoCs)

    Checks for missing Authenticode signature.

Files

  • Solara Executor V2.rar
    Type: .rar
    Password: infected

  • Solara Executor V2/Download (RUN FIRST).exe
    Type: .exe windows:4 windows x86 arch:x86
    Password: infected
    MD5: f34d5f2d4577ed6d9ceec516c1f5a744

  • Solara Executor V2/Solara Executor.exe
    Type: .exe windows:4 windows x86 arch:x86
    Password: infected
    MD5: f34d5f2d4577ed6d9ceec516c1f5a744