General

  • Target

    jignesh.exe

  • Size

    3.1MB

  • MD5

    64da51697ac726c1e27f5d7899c89cac

  • SHA1

    29f336e761644ff1bd932d5649b5275fd7fd79b3

  • SHA256

    611f6deadda658b042a6636e5e69c381fa65ed5cab95d2e8f5e43c285ed3cfc7

  • SHA512

    a4a123f0787b23a29c77ae6a3baa348cddbfe8b0232d0562982874462f49cf3ec4066356837780be8b3b516d640049b47e4cfea0e0659e37beed8f2265d92751

  • SSDEEP

    49152:Wvht62XlaSFNWPjljiFa2RoUYISURJ6jbR3LoGddTHHB72eh2NT:WvL62XlaSFNWPjljiFXRoUYISURJ6V

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

98.51.190.130:20

Mutex

11bbf22e-826e-486b-b024-adbd86228a9e

Attributes
  • encryption_key

    7A589EDBC6A581E125BF830EF0D05FC74BB75E30

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    ctfmon

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • jignesh.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections