Resubmissions (submitted, analysis ID, score)

  • 09-08-2024 00:46  240809-a42lmatcjl  10/10
  • 09-08-2024 00:46  240809-a4t7jstbqq  10/10
  • 08-08-2024 23:52  240808-3w6jtswfmb  10/10
  • 08-08-2024 23:51  240808-3wdh2swfkb  10/10

General

  • Target

    discord tools.exe

  • Size

    3.1MB

  • MD5

    b0ca2644aaecce94ad8534214b0d68e3

  • SHA1

    d7f74a70d84d4ea43619a20af468aa326a0e5da4

  • SHA256

    b82f5cd3fe2da0e092fc146c0ea9c8d57a91130393b507a5baaa2cc495b677ef

  • SHA512

    6d4b28bc256f353579629f472fc48a0fc5038fc2ad81990671b252401cb9a697c137f30b60b851a7f502da01f9772b21059bc18b468b613717ebe97cf1d90166

  • SSDEEP

    49152:3vClL26AaNeWgPhlmVqvMQ7XSKJ5wrUh8vJiroGdZCBTHHB72eh2NT:3v6L26AaNeWgPhlmVqkQ7XSK1hxJ

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.1.238:4782

Note: 192.168.1.238 is an RFC 1918 private address, so this build only reaches its operator from inside that LAN (or a lab network) and gives no routable network indicator to block; 4782 is Quasar's default listening port.

Mutex

74df0c6c-7a6a-4568-9ec0-2f9c6a9d27f8

Attributes
  • encryption_key

    8C46BC313F0994B9EE81A665B3D4CE2B8B77E6E3

  • install_name

    discord tools.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    discord Client Startup

  • subdirectory

    SubDir
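The extracted config above is directly usable for host and network detection: the startup_key is the name of the persistence entry, subdirectory plus install_name is the on-disk path of the implant, and the C2 field is the socket it beacons to. The following Python is an added example (not part of the sandbox report and not Quasar's own code) that turns that config into three matching rules and runs them over a handful of constructed telemetry records. It assumes Quasar persists through a Run-key value named after startup_key (its non-elevated path) and that the telemetry has the field names shown; both are assumptions of the example, and the event records are made up.

```python
import ipaddress
import ntpath

# Config values copied from the sandbox report above (Quasar 1.4.1 extraction).
CONFIG = {
    "c2": "192.168.1.238:4782",
    "mutex": "74df0c6c-7a6a-4568-9ec0-2f9c6a9d27f8",
    "install_name": "discord tools.exe",
    "subdirectory": "SubDir",
    "startup_key": "discord Client Startup",
}

# Constructed telemetry records (assumed field names; not taken from the report).
SAMPLE_EVENTS = [
    {"type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value_name": "discord Client Startup",
     "data": r"C:\Users\bob\AppData\Roaming\SubDir\discord tools.exe"},
    {"type": "network_connect", "dst_ip": "192.168.1.238", "dst_port": 4782},
    {"type": "process_create",
     "image": r"C:\Users\bob\AppData\Roaming\SubDir\discord tools.exe"},
    {"type": "network_connect", "dst_ip": "142.250.72.14", "dst_port": 443},
    {"type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value_name": "OneDrive",
     "data": r"C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
]


def parse_c2(c2: str) -> tuple:
    """Split 'host:port' into (host, int port); rsplit tolerates IPv6 literals."""
    host, port = c2.rsplit(":", 1)
    return host, int(port)


def c2_is_private(config: dict) -> bool:
    """True when the C2 host is RFC 1918 / loopback, i.e. unreachable from outside."""
    host, _ = parse_c2(config["c2"])
    return ipaddress.ip_address(host).is_private


def match_events(config: dict, events: list) -> list:
    """Return (rule_name, event_index) pairs for every record matching the config."""
    c2_host, c2_port = parse_c2(config["c2"])
    # Tail of the install path: '<subdirectory>\<install_name>', case-folded.
    install_tail = ntpath.normcase(ntpath.join(config["subdirectory"],
                                               config["install_name"]))
    startup_key = config["startup_key"].lower()
    hits = []
    for i, ev in enumerate(events):
        if (ev["type"] == "registry_set"
                and ev["key"].lower().endswith(r"\currentversion\run")
                and ev["value_name"].lower() == startup_key):
            hits.append(("quasar_startup_key", i))
        for field in ("data", "image"):
            path = ev.get(field)
            if path and ntpath.normcase(path).endswith(install_tail):
                hits.append(("quasar_install_path", i))
        if (ev["type"] == "network_connect"
                and ev["dst_ip"] == c2_host and ev["dst_port"] == c2_port):
            hits.append(("quasar_c2", i))
    return hits


if __name__ == "__main__":
    print("C2 is private:", c2_is_private(CONFIG))
    for rule, idx in match_events(CONFIG, SAMPLE_EVENTS):
        print(rule, "->", SAMPLE_EVENTS[idx])
```

The path rule matches on the trailing `SubDir\discord tools.exe` rather than a full path because Quasar's install location depends on the builder's chosen base folder, and the `c2_is_private` check is what tells an analyst that the network indicator from this sample is lab-only.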

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.
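The "Unsigned PE" signature is a header check: Authenticode data lives in the Security data directory (index 4) of the PE optional header, and an unsigned file has a zero-sized entry there. The Python below is an added example, not the sandbox's own detection logic, that reads that entry plus the machine type with nothing but `struct`; the `build_pe` helper fabricates minimal PE32 and PE32+ headers (constructed, not real binaries) so the parser can be exercised offline. A non-zero entry only means a certificate blob is attached; whether the signature is valid and chains to a trusted root is a separate verification step this example does not perform.

```python
import struct
import sys

IMAGE_FILE_MACHINE = {0x14C: "x86", 0x8664: "x64", 0x1C0: "arm", 0xAA64: "arm64"}
SECURITY_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY


def parse_pe(data: bytes) -> dict:
    """Return machine type and the Security data directory of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                      # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                   # PE32: data directories start at offset 96
        dd_off = 96
    elif magic == 0x20B:                 # PE32+: data directories start at offset 112
        dd_off = 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_dirs = struct.unpack_from("<I", data, opt + dd_off - 4)[0]  # NumberOfRvaAndSizes
    sec_off, sec_size = 0, 0
    if n_dirs > SECURITY_DIR_INDEX and opt_size >= dd_off + 8 * (SECURITY_DIR_INDEX + 1):
        # The Security entry's first field is a file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from(
            "<II", data, opt + dd_off + 8 * SECURITY_DIR_INDEX)
    return {
        "machine": IMAGE_FILE_MACHINE.get(machine, "0x%x" % machine),
        "pe32plus": magic == 0x20B,
        "security_dir": (sec_off, sec_size),
        "has_authenticode": sec_size != 0,
    }


def build_pe(machine: int, security_size: int) -> bytes:
    """Constructed minimal PE header (headers only, no sections) for testing parse_pe."""
    plus = machine in (0x8664, 0xAA64)
    opt_size = 240 if plus else 224
    dd_off = 112 if plus else 96
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if plus else 0x10B)   # Magic
    struct.pack_into("<H", opt, 68, 2)                         # Subsystem: WINDOWS_GUI
    struct.pack_into("<I", opt, dd_off - 4, 16)                # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, dd_off + 8 * SECURITY_DIR_INDEX,
                     0x800 if security_size else 0, security_size)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x102)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Usage: python pecheck.py <file.exe>
    with open(sys.argv[1], "rb") as f:
        print(parse_pe(f.read()))
```

Run against the sample this report describes, an x86 PE with no Security directory, the function returns `machine == "x86"` and `has_authenticode == False`, which is exactly what the "Unsigned PE" signature asserts.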

Files

  • discord tools.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
