Overview

overview

10

Static

static

10

5b41a8ac5a...4d.exe

windows7-x64

10

5b41a8ac5a...4d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5b41a8ac5a68ab33e4891ea03533e8ea650c16dd669d277decae2f00217a1e4d.exe

  • Size

    3.1MB

  • MD5

    fa5f99ff110280efe85f4663cfb3d6b8

  • SHA1

    ad2d6d8006aee090a4ad5f08ec3425c6353c07d1

  • SHA256

    5b41a8ac5a68ab33e4891ea03533e8ea650c16dd669d277decae2f00217a1e4d

  • SHA512

    a3b898f758060f124c443422c6dc88ba80d9892890b25d21e37a1d3947cd4b9dbef403382ee6e28c1007785a63c5fa387f7d00403db433eb59c03d0b2a88b50e

  • SSDEEP

    49152:evkt62XlaSFNWPjljiFa2RoUYIYiaJpFZwk/zLoGdWr1THHB72eh2NT:ev462XlaSFNWPjljiFXRoUYIlaj

Score
10/10
office04quasar

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

havocc.ddns.net:4782

Mutex

6a533ca9-c745-463c-8bba-b6aaa9eb7fab

Attributes
  • encryption_key

    CB213225C623A8CB39D3E1628CD4D7E7D686A7F3

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Discord

  • subdirectory

    SubDir

Signatures

  • Quasar family
    quasar
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 5b41a8ac5a68ab33e4891ea03533e8ea650c16dd669d277decae2f00217a1e4d.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections