General

  • Target: 1448c05feb875505160c1c704b1d09a0N.exe
  • Size: 3.1MB
  • MD5: 1448c05feb875505160c1c704b1d09a0
  • SHA1: 9d4adcb1f6d6547b0eeb853fa8efc733161946c4
  • SHA256: 0f1de884c0d366a8b38e72c37d5fe371795f922da5fbe02666a6d13259c83318
  • SHA512: bb30cc733ed92c262aabf1e12bfe734db8230afd9b9ccad8e2713d3a9dcbbf3aa4042cbe263e91d9642251df0e06318617fd367625bebe8cabb0b10c1cf20eee
  • SSDEEP: 49152:bviI22SsaNYfdPBldt698dBcjH4bxNESE8k/iaLoGdJuTHHB72eh2NT:bvv22SsaNYfdPBldt6+dBcjHcxvE

Score: 10/10

Malware Config

Extracted

  • Family: quasar
  • Version: 1.4.1
  • Botnet: Office04
  • C2: ustwo.mnt.mhnode.cn:22513
  • Mutex: 15898316-9920-4e4e-af4d-38cbffa26de2

Attributes

  • encryption_key: 1120794142B3EA82D2AEC3FE7D29792A69E20DB5
  • install_name: Client.exe
  • log_directory: Logs
  • reconnect_delay: 3000
  • startup_key: Quasar Client Startup
  • subdirectory: SubDir

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC): checks for missing Authenticode signature.

Files

  • 1448c05feb875505160c1c704b1d09a0N.exe
    Type: .exe, windows:4, windows x86, arch:x86
    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections