Overview

overview

10

Static

static

10

534280e154...62.exe

windows7-x64

10

534280e154...62.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    534280e154dc967612dc97e9d4273b6f69436d374203ab0d6181608b6cb02362.exe

  • Size

    3.1MB

  • MD5

    f67e6aafbd9c86771f11c05ae83ae83e

  • SHA1

    c9fe04c78139d000182d89f4dd013e647db64cc0

  • SHA256

    534280e154dc967612dc97e9d4273b6f69436d374203ab0d6181608b6cb02362

  • SHA512

    f5d5b09a92a3bc7ff862cf87c5a4285e2ada1ec4cb9d5b1467e358ad3678a2dfe6acd2f1819b7f9646f1ef5e038c9ffb295ef8a6590a75cdf911913a5edaf27a

  • SSDEEP

    49152:avht62XlaSFNWPjljiFa2RoUYI+Y6a95fQrk/1LoGdpTHHB72eh2NT:avL62XlaSFNWPjljiFXRoUYI8aB

Score
10/10
office04quasar

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

interestingsigma.hopto.org:20

Mutex

11bbf22e-826e-486b-b024-adbd86228a9e

Attributes
  • encryption_key

    7A589EDBC6A581E125BF830EF0D05FC74BB75E30

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    ctfmon

  • subdirectory

    SubDir

Signatures

  • Quasar family
    quasar
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 534280e154dc967612dc97e9d4273b6f69436d374203ab0d6181608b6cb02362.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections