General
-
Target
a53732f6b49c8d9b99b7bdad38c3255f7ea944e14b86c8f674dd3187c74e808e.exe
-
Size
348KB
-
MD5
1e9812a1888c470d13eb21fa9a782277
-
SHA1
567d226e5bb40bec7b3e93a740140df88ecdcd5c
-
SHA256
a53732f6b49c8d9b99b7bdad38c3255f7ea944e14b86c8f674dd3187c74e808e
-
SHA512
6b9c5b38d9a09b63cee437b33611a5fcb4a43b5a56eec693279fac4bd4fef4c1971d2be8cd9b357ed2d2e84ca8b2f4b84876d31ea67c19d3c26dbf8b1e743f47
-
SSDEEP
6144:x7NHXf500MEZXBpc96nbsebHgAA7yITIXE8dWS:Fd50Yc96bMVL2E8AS
Score
10/10
Malware Config
Extracted
Family
quasar
Version
1.3.0.0
Botnet
Office04
C2
192.168.234.157:1234
Mutex
QSR_MUTEX_5bycvm6yUpl1GsdPT8
Attributes
-
encryption_key
oHEH69w2AAxVFHtx6W9f
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
a53732f6b49c8d9b99b7bdad38c3255f7ea944e14b86c8f674dd3187c74e808e.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections