General

  • Target

    5c383cff50ac7c9f8ec2ac05464302885def4d389f6592340c23ade7eb5f5000N.exe

  • Size

    502KB

  • MD5

    7f6ef73a37700d318d19912b27d0c760

  • SHA1

    f8a3cb6f1359076955fa9a0729d09b8eb7fc60fd

  • SHA256

    5c383cff50ac7c9f8ec2ac05464302885def4d389f6592340c23ade7eb5f5000

  • SHA512

    8516266e89bbadf08841e9b17c673c5cbfdf76e754922f0db704261da08dae231f2902bff1f86c64ddb618290f8f00a731d0dce2de4b7522e78d584929848e51

  • SSDEEP

    6144:cTEgdc0YzXAGbgiIN2RSBwbPdTEDIKBDkQfocE9Ob8F9PQ5BZcTR3+:cTEgdfYjbgnhDktpWTZcd+

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

office

C2

192.168.147.1:4782

Mutex

fefeb1a4-7034-4293-a517-f90e7365e8e2

Attributes
  • encryption_key

    4111EB4E3452F3046C6F5DFE90F84F08D3E1BB9C

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    036234237

Signatures

  • Quasar family
  • Quasar payload (1 IoCs)
  • Unsigned PE (1 IoCs)

    Checks for missing Authenticode signature.

Files

  • 5c383cff50ac7c9f8ec2ac05464302885def4d389f6592340c23ade7eb5f5000N.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

