General
-
Target
e0e6b3b96f2bfcc2b8b1fd893413848f0de9e10f671b3a4078a7f4557776b331
-
Size
413KB
-
MD5
be2501da52e86c9497ecbb4fe47db6d7
-
SHA1
e82d45c9950ae7ac70b9d739768eedbf8ffe08eb
-
SHA256
e0e6b3b96f2bfcc2b8b1fd893413848f0de9e10f671b3a4078a7f4557776b331
-
SHA512
4ac46b504a6ff48249710d0a3ee77ba8db19adfe853982de3e521a40a8677e2bd72372317d7293bc0e7e61dd52efee6bd229c3e471312bcec9135e100e0a238f
-
SSDEEP
6144:jKrHLhDzf4HC7JuMEGME1Ah9Gebcz5xF92NJPiJCN3ZsqZGP:GVfYCEE1Avwz5xGnsCN3ZswGP
Score
10/10
Malware Config
Extracted
Family
quasar
Version
3.1.5
Botnet
Office04
C2
born-brandon.gl.at.ply.gg:55020
Mutex
$Sxr-hhtE0U6diMyEc3g5mT
Attributes
-
encryption_key
EmmKy773MnuMUK4WIMhm
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
SeroXen Client Startup
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
e0e6b3b96f2bfcc2b8b1fd893413848f0de9e10f671b3a4078a7f4557776b331
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections