General

  • Target

    13ab82eaa0b66f49e8e06f537579a2eae9bb9d547e128ddf8741b74ad7c138aaN.exe

  • Size

    3.1MB

  • MD5

    cf19123181beb16f3be5cc855592f420

  • SHA1

    b006731480857f5a0fdc18a6046a143258706b85

  • SHA256

    13ab82eaa0b66f49e8e06f537579a2eae9bb9d547e128ddf8741b74ad7c138aa

  • SHA512

    87fd9f475741fbabaf13f5047e305994a3a673f7d6e381edb0002af11b67ac5fbc7b146b60ec9816470589e1dcaefe0003129614475e149432940c97b36e7d7b

  • SSDEEP

    49152:SvPlL26AaNeWgPhlmVqvMQ7XSKXExNESEWk/i5LoGdhTHHB72eh2NT:SvdL26AaNeWgPhlmVqkQ7XSKUxVJ

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.43.100:8888

192.168.43.100:4444

Mutex

99559ed1-51e2-4523-8e07-e3b36ebf2083

Attributes

  • encryption_key

    464067E99FD8E5E67E93A2CB031CD49F3927F634

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup2

  • subdirectory

    ComApp

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 13ab82eaa0b66f49e8e06f537579a2eae9bb9d547e128ddf8741b74ad7c138aaN.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
