General
-
Target
AerisBoostrapper-13-2.zip
-
Size
1.2MB
-
MD5
a592816082d74d974297695818fffcc7
-
SHA1
29d1292abd18cabc922538b078a8f73678c6a6f2
-
SHA256
965b676b1f41d84e4db8100d4658eaaf99cebc90d2e2430bd48bcc7634d257d6
-
SHA512
b3f330638ba3ea0c53477cf7bfda6de57f749e0c14f385afabd8497b9c05531beea0f8ad14cb151caa077390a72c0329e4e16ee7456226fc205735ebee70db34
-
SSDEEP
24576:m3K0XoHCW/HxEAijmMa77zBgFXKUQfC+ZVcOEZXOx5aQGh5hGopf8a85:mfoioHLwm577yA7n+OEZQ5fGhGop0a85
Score
10/10
Malware Config
Extracted
Family
quasar
Version
1.4.1
Botnet
Office04
C2
192.168.7.254:4782
Mutex
ec379305-a810-4d7e-97bd-07901661d993
Attributes
-
encryption_key
4F7174D194172642AE5CB98C8155E3A959E610E5
-
install_name
MsMpEng.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Windows Security
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
AerisBoostrapper-13-2.zip
-
AerisBoostrapper-13-2.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections