General

  • Target

    ba59fb813ff718db8a17c4e5d244793d2199383969843ad31d09727b5e5ff156.exe

  • Size

    3.1MB

  • MD5

    a813f565b05ee9df7e5db8dbbcc0fa43

  • SHA1

    f508e738705163233b29ba54f4cb5ec4583d8df1

  • SHA256

    ba59fb813ff718db8a17c4e5d244793d2199383969843ad31d09727b5e5ff156

  • SHA512

    adb431c372c2e1d0f6019bedefe16a2253fcf76929ba7e2b9f9cc7a253137920615121a1a64f7003a43f39e8b17ace233daca32b2933b6953aa6cf558b834e2e

  • SSDEEP

    98304:aydj2yMy5en93hlLLzJjVrv3zs9Yv+Wcvy:pLYvzs9Yv+Wcv

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Office04

C2

microsoftsys.ddns.net:4782

Mutex

67e0653d-eedf-4888-88ab-78e97eb2df27

Attributes
  • encryption_key

    23E5F6D22FEE1750D36544A759A48349B064BC34

  • install_name

    PerfWatson1.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    svhost

  • subdirectory

    KDOT

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • ba59fb813ff718db8a17c4e5d244793d2199383969843ad31d09727b5e5ff156.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections