General

  • Target

    5ff2becf2c56500cb71898f661c863e647a96af33db38d84d7921dc7dbf4f642.exe

  • Size

    3.1MB

  • MD5

    ff8c68c60f122eb7f8473106d4bcf26c

  • SHA1

    0efa03e7412e7e15868c93604372d2b2e6b80662

  • SHA256

    5ff2becf2c56500cb71898f661c863e647a96af33db38d84d7921dc7dbf4f642

  • SHA512

    ab92ef844a015c3fcbfba313872b922bff54184b25623ed34f4829bd66a95af081cdeefd35425a4d3b9d9085ccf8c25045cf6093d74a5c8c35012c1b7546688e

  • SSDEEP

    49152:XvPD/2oga6ctePEl3s3jn7HZkgoZbnmz9QnGdBTHHB72eh2NT:XvL/2oga6ctePEl3s3L7HZkgoZbb

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

193.161.193.99:20466

Mutex

62455511-c72a-4743-bad9-b518c9ed4b32

Attributes
  • encryption_key

    CE4DD36EB249EF1D16AFC772A047491835C33346

  • install_name

    Windows Defender SmartScreen (32 bit).exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Server Client Startup

  • subdirectory

    WindowsLockerZAP

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 5ff2becf2c56500cb71898f661c863e647a96af33db38d84d7921dc7dbf4f642.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

