General

  • Target

    afd443ef091542b721f8510fbd780940N.exe

  • Size

    3.1MB

  • MD5

    afd443ef091542b721f8510fbd780940

  • SHA1

    774599e1ca5d27dacc7cec53c83960da0488d38e

  • SHA256

    6622906f56ca396047aab25479982389dd8aebe40c606f60ea2cf04256ded6db

  • SHA512

    fb41339e1e09c0d89435e3912598b0a265eb756197ec9987dfb20cdcd2151df294194072619aa021338848522e18c8e7a02548a967ca313dda87a2bc7743ebf9

  • SSDEEP

    49152:SvbI22SsaNYfdPBldt698dBcjHfxOEMkfk/Jx2oGdXTHHB72eh2NT:Svk22SsaNYfdPBldt6+dBcjHfx6E

Score
10/10

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    Office04

  • C2

    64.42.179.51:21791

  • Mutex

    56861e91-056a-40ce-86c6-b29a7c7b1b9b

Attributes
  • encryption_key

    6D6E44F66971D00FE47A874C036836A7D411D0F4

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • afd443ef091542b721f8510fbd780940N.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

