General

  • Target

    1c43c0188fdae13ea8efca2f4d02b9e25a733ec5a01e46dbe757b10e26987e95

  • Size

    3.1MB

  • MD5

    766060f6568ae32f9509562cede078cb

  • SHA1

    978fd4ba4a6b2605de31b28b02162a609a1c467a

  • SHA256

    1c43c0188fdae13ea8efca2f4d02b9e25a733ec5a01e46dbe757b10e26987e95

  • SHA512

    452c499b538f881bbf47da1d0e156464b808b6a37cf017e9d2a9a007a09d70e29db7e6ec5dad5acf03e30afe14912a91f7004e592b9fd45a2f2fca8ab9878ec3

  • SSDEEP

    49152:nvulL26AaNeWgPhlmVqvMQ7XSKfn7RJ6abR3LoGdbTHHB72eh2NT:nveL26AaNeWgPhlmVqkQ7XSKf7RJ60
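Before pivoting on anything below, confirm that the sample in hand is the one this report describes. The following Python is an added example, not the sandbox's own tooling: it streams a file through all four digest algorithms in one pass and reports any disagreement with the Target hashes copied from the General section above. The file path is an assumption supplied on the command line; SSDEEP is left out because it needs a third-party library.

```python
"""Check a local sample against the digests reported for this Target.

Added example for this report (not the sandbox's own tooling). The REPORTED
values are copied from the General section above; the file path is whatever
you pass on the command line.
"""
import hashlib
import sys

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Digests as printed in the General section of this report.
REPORTED = {
    "md5": "766060f6568ae32f9509562cede078cb",
    "sha1": "978fd4ba4a6b2605de31b28b02162a609a1c467a",
    "sha256": "1c43c0188fdae13ea8efca2f4d02b9e25a733ec5a01e46dbe757b10e26987e95",
    "sha512": "452c499b538f881bbf47da1d0e156464b808b6a37cf017e9d2a9a007a09d70e2"
              "9db7e6ec5dad5acf03e30afe14912a91f7004e592b9fd45a2f2fca8ab9878ec3",
}


def _feed(chunks):
    """Update all four hashers from one pass over the data."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Digests of an in-memory buffer (used for small inputs and tests)."""
    return _feed([data])


def digest_file(path, chunk_size=1 << 20):
    """Digests of a file, streamed so a multi-megabyte sample is not read whole."""
    def chunks():
        with open(path, "rb") as fh:
            while True:
                block = fh.read(chunk_size)
                if not block:
                    return
                yield block
    return _feed(chunks())


def compare_digests(actual, reported):
    """Return {algo: (reported, actual)} for every algorithm that disagrees.

    Hex case is normalised because reports and tools differ in casing.
    """
    return {
        name: (exp.lower(), actual[name])
        for name, exp in reported.items()
        if name in actual and actual[name] != exp.lower()
    }


if __name__ == "__main__":
    mismatches = compare_digests(digest_file(sys.argv[1]), REPORTED)
    if mismatches:
        for name, (exp, got) in mismatches.items():
            print(f"{name}: report {exp} != local {got}")
        sys.exit(1)
    print("all four digests match the report")
```

Run it as `python check_sample.py <path-to-sample>`; a non-zero exit means at least one digest differs, which usually indicates a wrapper (archive, dropper) rather than the payload the report analysed.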

Score
10/10

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    Office04

  • C2

    El-Kaide-36693.portmap.host:36693

  • Mutex

    34fdb5eb-c15b-4565-9e7b-f5f3b56d3fca

Attributes
  • encryption_key

    60E284A9CD988AF8E0CBA13DDAC0B989F7507F62

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir
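The extracted configuration gives three indicators that can be hunted directly: the C2 host and port, the Run-key value name (startup_key), and the install path tail (subdirectory\install_name). The following Python is an added example, not code from the sandbox or from Quasar, that matches those indicators against constructed Sysmon-style events (IDs 1, 3, 11 and 13). Assumptions: the events are synthetic; the config above does not record the install root, so the %APPDATA% placement in the sample events is assumed and the rules match only on the \SubDir\Client.exe tail; the mutex is not visible in Sysmon data and is kept only for live-host handle checks.

```python
"""Hunt for this report's Quasar indicators in Sysmon-style events.

Added example for this report, not code from the sandbox or from Quasar.
The events below are constructed for illustration; the user profile, SID and
%APPDATA% install root in them are assumptions.
"""
import re

# Indicators copied from the extracted configuration above.
C2_HOST = "El-Kaide-36693.portmap.host"
C2_PORT = 36693
STARTUP_KEY = "Quasar Client Startup"
MUTEX = "34fdb5eb-c15b-4565-9e7b-f5f3b56d3fca"  # not in Sysmon data; for live-host handle checks

# Quasar installs as <subdirectory>\<install_name>. The config does not record
# the install root, so match only the path tail to stay root-agnostic.
INSTALL_TAIL = re.compile(r"\\SubDir\\Client\.exe$", re.IGNORECASE)
RUN_VALUE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\" + re.escape(STARTUP_KEY) + r"$",
    re.IGNORECASE,
)


def match_event(ev):
    """Return the indicator rules satisfied by one Sysmon-style event dict."""
    hits = []
    eid = ev.get("EventID")
    if eid == 1 and INSTALL_TAIL.search(ev.get("Image", "")):
        hits.append("quasar_process_from_install_path")
    if eid == 3 and ev.get("DestinationHostname", "").lower() == C2_HOST.lower() \
            and int(ev.get("DestinationPort", 0)) == C2_PORT:
        # Host and port together: portmap.host is a port-forwarding service,
        # so the parent domain alone is too noisy to alert on.
        hits.append("quasar_c2_connect")
    if eid == 11 and INSTALL_TAIL.search(ev.get("TargetFilename", "")):
        hits.append("quasar_install_file_written")
    if eid == 13 and RUN_VALUE.search(ev.get("TargetObject", "")):
        hits.append("quasar_run_key_persistence")
        if INSTALL_TAIL.search(ev.get("Details", "").strip('"')):
            hits.append("quasar_run_key_points_to_install")
    return hits


def hunt(events):
    """Return {rule_name: [event indexes]} over a sequence of events."""
    found = {}
    for i, ev in enumerate(events):
        for rule in match_event(ev):
            found.setdefault(rule, []).append(i)
    return found


INSTALL = r"C:\Users\lab\AppData\Roaming\SubDir\Client.exe"  # assumed %APPDATA% root
RUN_PATH = r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run"

SAMPLE_EVENTS = [  # constructed, not captured
    {"EventID": 11, "Image": r"C:\Users\lab\Downloads\invoice.exe", "TargetFilename": INSTALL},
    {"EventID": 1, "Image": INSTALL, "CommandLine": f'"{INSTALL}"'},
    {"EventID": 13, "Image": INSTALL, "TargetObject": RUN_PATH + "\\" + STARTUP_KEY,
     "Details": f'"{INSTALL}"'},
    {"EventID": 3, "Image": INSTALL, "DestinationHostname": C2_HOST, "DestinationPort": C2_PORT},
    # benign noise that should not match
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationHostname": "ctldl.windowsupdate.com", "DestinationPort": 80},
    {"EventID": 13, "Image": r"C:\Windows\regedit.exe", "TargetObject": RUN_PATH + r"\OneDrive",
     "Details": r"C:\Users\lab\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    {"EventID": 1, "Image": r"C:\Program Files\Vendor\Client.exe"},
]


if __name__ == "__main__":
    for rule, idx in sorted(hunt(SAMPLE_EVENTS).items()):
        print(f"{rule}: events {idx}")
```

The Run-key rule fires on the value name alone and adds a second, higher-confidence hit when the value data also points at the install path; the reconnect_delay (3000 ms) suggests that, with the C2 down, a blocked host will generate repeated connection attempts to the same host:port, which is the easiest place to catch it in network telemetry.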

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 1c43c0188fdae13ea8efca2f4d02b9e25a733ec5a01e46dbe757b10e26987e95

    Tags: .exe, windows:4, windows, x86, arch:x86

    MD5 as listed for this entry (differs from the Target MD5 above): f34d5f2d4577ed6d9ceec516c1f5a744

