General
-
Target
Prestige-Injector(3).exe
-
Size
3.1MB
-
MD5
d1675434eee067b0a023a3c31cf7ba75
-
SHA1
baf38fe44bfea1a3f4ef5c387b71d2e08e7edc29
-
SHA256
fd5b712e067c1089aed9df7588844adef501a2c9742107a564a408965fb87c12
-
SHA512
2316bc1b93a8b816963c5199f2fecaabaaef355bd8047af3c3b432250ae92e3010db45887a57176d1a639849f70c9c16fdec5b28c3f9ab9a166456fb003657ec
-
SSDEEP
49152:rvyI22SsaNYfdPBldt698dBcjH7CD2a95fQ7k/PLoGdNTHHB72eh2NT:rvf22SsaNYfdPBldt6+dBcjHe6aD
Score
10/10
Malware Config
Extracted
Family
quasar
Version
1.4.1
Botnet
Office04
C2
192.168.1.83:4782
Mutex
20eb3b08-32c9-45df-9d5a-fb58af454c08
Attributes
-
encryption_key
22C1A62E3E9EE906C0C8F9D30DA34D63B8A197BA
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
Prestige-Injector(3).exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections