General

  • Target

    Bootstrapper (extract.me).zip

  • Size

    1.3MB

  • MD5

    2fa5f104c3b0286c739b4768e8b94c09

  • SHA1

    14d71866362ccebdf46eaaaa0d8c4b7605966d04

  • SHA256

    f75a45087aac828dd3f21760b5af31c5a83c7209a67645d5080c39129ff46488

  • SHA512

    7564e03bfcd6a804b6231c513c171b5063229a0430fe3e2c78537b2f7833c9bbb5eee9b16a8a870ad7e92dbaceb8ba8f04eca04b113910336c80486de89517b2

  • SSDEEP

    24576:JpRma1YACmHZFVZRo6HYSS9p5abZ4Ffb5MNliPoePloqtkxBk2Xv/p+KY4V:Y43/HZTTuWZ4Ffsliz7tcbf/f1V

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

wefdwef-34180.portmap.host:34180

Mutex

c4be1726-3f86-4f80-bc7c-0779b06ffeeb

Attributes
  • encryption_key

    97BF1FDCF446A7218FA05296FD8D8F0C41A6B1E7

  • install_name

    Bootstrapper.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Spotify

  • subdirectory

    system32

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • Bootstrapper (extract.me).zip
    .zip
  • Bootstrapper.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections