General
-
Target
Ware_Spoofer(val.fn tur).exe
-
Size
3.1MB
-
MD5
897b8e80b77f2377d647b561d0872016
-
SHA1
d67e44a4113d3dcc36ec0d6adced197c9d4a8af1
-
SHA256
fb20e2bfb2e143208a8be2207531660b2c9425367d1eabecb20fd0bca5d9e6af
-
SHA512
6b20fdfc3d83de813d0cfa8d55f094d6598611c03b1d9a799246ef7d783b7ac3b48c8abd47d37f66aae90d41778483ab2f60def82a92db34e8fffd91846398f0
-
SSDEEP
49152:3vKlL26AaNeWgPhlmVqvMQ7XSKaGfCxTyDxk/b8oGd2EUTHHB72eh2NT:3vyL26AaNeWgPhlmVqkQ7XSKPCu
Score
10/10
Malware Config
Extracted
Family
quasar
Version
1.4.1
Botnet
Office04
C2
alex123123123141-55070.portmap.host:55070
Mutex
0d351e2e-bde5-4d66-91dd-b2ae0085d0ba
Attributes
-
encryption_key
47E7581078CF97F0C60773AFD27D7C68D4136B61
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
Ware_Spoofer(val.fn tur).exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections