General

  • Target

    main.zip

  • Size

    1.2MB

  • MD5

    34bd7cb79b747b689eb0a7c1e6429bff

  • SHA1

    2ae1849a806ddb6651d36e8a9cb75911ac0c9d28

  • SHA256

    370a1ac54255d09c5870186a4156f6f58894876c66f1b249a082d3cb91f482af

  • SHA512

    bef00c5d12069628636fb7313c5a690d2e80c51c8ffce73fcf05beea422af8ff13e4af3ff56df99786cc32309f5435ae02074e18d447c094048eb0c9c492b025

  • SSDEEP

    24576:Ht03E4sy0cXUCnlnl3zz5rNeAaEcbMMZ6VnTFepJCyCSBFt8:qlsjCnll3zMExw007B4

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.0.113:4782

Mutex

c82ea6b0-d255-45fb-b0eb-547ab14c0e9e

Attributes
  • encryption_key

    045BFCAC42C40445C0D8EBEF569DD1BF4BB62A56

  • install_name

    Build-client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • main.zip
    .zip
  • Solara-Download-main/Boostrapper.exe
  • Solara-Download-main/Build-Client.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • Solara-Download-main/README.md
  • Solara-Download-main/Solara.exe