General

  • Target

    9b6ebab15a7a9c3bf69ed5a788a7c5f5dcbe8cca8948f399fa30a460c5585ffcN

  • Size

    3.1MB

  • MD5

    d0232493e7274ea06dcff1e0ac1ce690

  • SHA1

    1317960bdceb7e9c6c549ab1db9327ddf0cf5ef3

  • SHA256

    9b6ebab15a7a9c3bf69ed5a788a7c5f5dcbe8cca8948f399fa30a460c5585ffc

  • SHA512

    9d3056db1daae840c0e506d09cf405b94131858691f2ca9f5da529282adcdd7ba94c17616233bf2b5fea6ad310119a4eba1d1ddbe8cb3c3c6b6d56535420da70

  • SSDEEP

    49152:3vBt62XlaSFNWPjljiFa2RoUYIWlaEEmkNk/8FtoGdnTHHB72eh2NT:3vr62XlaSFNWPjljiFXRoUYIWla9v

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

102.97.87.195:4444

Mutex

4ec5f3c6-1dd3-4f1c-9665-0ed47991e58e

Attributes
  • encryption_key

    F15789F80F92DC8F3DD2A603D0D30EECEE68C73A

  • install_name

    system32.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    ngu

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 9b6ebab15a7a9c3bf69ed5a788a7c5f5dcbe8cca8948f399fa30a460c5585ffcN.exe
    windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
