Analysis

  • max time kernel
    128s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-10-2024 01:27

General

  • Target

    Update.exe

  • Size

    413KB

  • MD5

    1646711c224bff90075c63e282c7a509

  • SHA1

    dcb31c89ea750a0c7f201f0b35ec886d7f56b485

  • SHA256

    b11faba7760b0fdb433ab416944a6c420db27216981aee61749f44bb51e61cb8

  • SHA512

    826a1cf500ae1802bf55e5e73525e6a7c14a9e788c8e779291675b47e0a18424e49e369e39d3861b0e8491d230b5019c8db38632ee16f78a27fa8929c9d007df

  • SSDEEP

    6144:aNmEjkzQT1TVNVSSL+4LuTWhDW3+y4WbjHSKr1MkP+7ZKvxueoLqGGe:i1TVV7ScaYS3vrHSKr1M85vxueoLlGe

Malware Config

Extracted

Family

quasar

Version

3.1.5

Botnet

Office04

C2

late-mills.gl.at.ply.gg:21882

Mutex

$Sxr-H1UAIiBrogH7Kydvmf

Attributes
  • encryption_key

    65yyFHEhMNxs2L9wZOfw

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    SeroXen Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar RAT 3 IoCs

    Quasar is an open source Remote Access Tool.