General

  • Target

    qua1copy.exe

  • Size

    3.1MB

  • MD5

    93c01f8db5d2ed29f0517e5127cc8e20

  • SHA1

    6dd1ec4bb3a44d49069c520147d3a2f770712f9d

  • SHA256

    1802c12195920564b376da69515b15bd80800b4f5e4c78fd7eb7ddc16eb4c16f

  • SHA512

    e88f5a48f13d6b398442cf4ed2486f2eafa9305869df1b9b8b8321207227fe1dbbc60f81f05f36e68a08f205f7a0a1db1b5196b309a57418e99b2e3ea0245858

  • SSDEEP

    24576:ay0l0qdGhU/yVzs01yI0ovMdtm0CFnlzTrKP:a3yayVt0okdt

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

45.66.231.154:4782

Mutex

4304b988-116c-4522-ab83-7f9ad875f60f

Attributes
  • encryption_key

    A6B8B9B9B02FC86103A59CE003D7B3B45DAF8550

  • install_name

    svchost.exe

  • log_directory

    svchost

  • reconnect_delay

    3000

  • startup_key

    svchost

  • subdirectory

    svchost

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • qua1copy.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


