General

  • Target

    Update.exe

  • Size

    413KB

  • MD5

    1646711c224bff90075c63e282c7a509

  • SHA1

    dcb31c89ea750a0c7f201f0b35ec886d7f56b485

  • SHA256

    b11faba7760b0fdb433ab416944a6c420db27216981aee61749f44bb51e61cb8

  • SHA512

    826a1cf500ae1802bf55e5e73525e6a7c14a9e788c8e779291675b47e0a18424e49e369e39d3861b0e8491d230b5019c8db38632ee16f78a27fa8929c9d007df

  • SSDEEP

    6144:aNmEjkzQT1TVNVSSL+4LuTWhDW3+y4WbjHSKr1MkP+7ZKvxueoLqGGe:i1TVV7ScaYS3vrHSKr1M85vxueoLlGe

Score
10/10

Malware Config

Extracted

  • Family

    quasar

  • Version

    3.1.5

  • Botnet

    Office04

  • C2

    late-mills.gl.at.ply.gg:21882

  • Mutex

    $Sxr-H1UAIiBrogH7Kydvmf

Attributes
  • encryption_key

    65yyFHEhMNxs2L9wZOfw

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    SeroXen Client Startup

  • subdirectory

    SubDir
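The extracted configuration above is a compact indicator set for this sample: the C2 hostname and port, the mutex, the Run-key value name used for persistence (startup_key), the install location (subdirectory plus install_name), and, in General, the file hashes. The startup key name and the $Sxr- mutex prefix point to the SeroXen variant of Quasar rather than the stock client; reconnect_delay is a Quasar setting in milliseconds (3 s). The C2 is a *.ply.gg hostname, i.e. a playit.gg tunnel endpoint, so the resolved IP can change between runs and the hostname is the more durable indicator. The Python script below is an added example, not part of the report or of the Quasar/SeroXen code: it turns those values into a hash match and a simple IoC scan over EDR-style key=value event lines. The event format and the sample lines are constructed for the example; only the indicator values come from the report.

```python
import hashlib
import re

# Indicators copied from the report (hashes from "General", the rest from the
# extracted Quasar config). Everything else here is an added example.
SAMPLE_HASHES = {
    "md5": "1646711c224bff90075c63e282c7a509",
    "sha1": "dcb31c89ea750a0c7f201f0b35ec886d7f56b485",
    "sha256": "b11faba7760b0fdb433ab416944a6c420db27216981aee61749f44bb51e61cb8",
    "sha512": "826a1cf500ae1802bf55e5e73525e6a7c14a9e788c8e779291675b47e0a18424"
              "e49e369e39d3861b0e8491d230b5019c8db38632ee16f78a27fa8929c9d007df",
}
C2_HOST, C2_PORT = "late-mills.gl.at.ply.gg", 21882
MUTEX = "$Sxr-H1UAIiBrogH7Kydvmf"
STARTUP_KEY = "SeroXen Client Startup"
INSTALL_PATH_TAIL = r"\SubDir\Client.exe"   # subdirectory + install_name


def digest_all(data: bytes) -> dict:
    """Compute the four digests the report lists, keyed like SAMPLE_HASHES."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def match_hashes(data: bytes, known: dict = SAMPLE_HASHES) -> list:
    """Return the names of the digests of `data` that equal the known values."""
    got = digest_all(data)
    return [alg for alg, value in known.items() if got[alg] == value.lower()]


def match_file(path: str, known: dict = SAMPLE_HASHES) -> list:
    """Same as match_hashes, for a file on disk (read whole; samples are small)."""
    with open(path, "rb") as fh:
        return match_hashes(fh.read(), known)


# Rules over key=value event text. The event shape is an assumption made for
# this example, not an output format of the sandbox or of any particular EDR.
_RULES = [
    ("c2_connection",
     re.compile(r"DestinationHostname=" + re.escape(C2_HOST) + r"\b")),
    ("c2_port",
     re.compile(r"DestinationPort=%d\b" % C2_PORT)),
    ("quasar_mutex",
     re.compile(r"TargetObject=\\BaseNamedObjects\\" + re.escape(MUTEX) + r"\b")),
    ("run_key_persistence",
     re.compile(r"CurrentVersion\\Run\\" + re.escape(STARTUP_KEY) + r"\b")),
    ("install_path",
     re.compile(re.escape(INSTALL_PATH_TAIL) + r"\b")),
]


def scan_events(lines) -> list:
    """Return (line_no, rule_name) for every line that hits one of the IoC rules."""
    hits = []
    for n, line in enumerate(lines, 1):
        for name, pat in _RULES:
            if pat.search(line):
                hits.append((n, name))
    return hits


# Constructed event lines for a dry run; not captured from the sandbox.
SAMPLE_EVENTS = [
    "EventID=3 Image=C:\\Users\\u\\AppData\\Roaming\\SubDir\\Client.exe "
    "DestinationHostname=late-mills.gl.at.ply.gg DestinationPort=21882",
    "EventID=13 TargetObject=HKCU\\Software\\Microsoft\\Windows\\"
    "CurrentVersion\\Run\\SeroXen Client Startup",
    "EventID=1 Image=C:\\Windows\\System32\\notepad.exe",
    "MutexCreate TargetObject=\\BaseNamedObjects\\$Sxr-H1UAIiBrogH7Kydvmf",
]

if __name__ == "__main__":
    for line_no, rule in scan_events(SAMPLE_EVENTS):
        print(f"line {line_no}: {rule}")
    print("hash match on constructed bytes:", match_hashes(b"not the sample"))
```

The scan deliberately keys on the C2 hostname, the Run-key value name and the mutex rather than on an IP address: the tunnel endpoint can be re-pointed at will, while the mutex and startup key are baked into the client build. Feed real event text through `scan_events` only after adapting the five patterns to the field names your telemetry actually uses.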

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • Update.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
