General
-
Target
1bbf7d818b40f8fa0da224e39f27829bb7d8a8bdbec66fa62cfba39cd0d6d3fd
-
Size
3.1MB
-
MD5
35110eedb3518d1905b88025bf11b77d
-
SHA1
c39e96cc0dcb14065984c3d3fbff331070e37feb
-
SHA256
1bbf7d818b40f8fa0da224e39f27829bb7d8a8bdbec66fa62cfba39cd0d6d3fd
-
SHA512
08a3db05d373eb18f9b86fcea5b4338bd4cf3ca60df9906873bc0eb4d2dd6bc544890d23543df9be0848647d89a14d51010a7498bf8041c6872d8af768e035d2
-
SSDEEP
49152:DvDI22SsaNYfdPBldt698dBcjHEhE3uarOLoGdtTHHB72eh2NT:Dv822SsaNYfdPBldt6+dBcjHZ3I
Score
10/10
Malware Config
Extracted
Family
quasar
Version
1.4.1
Botnet
Office04
C2
192.168.1.55:4782
Mutex
87124d35-b950-4c06-bdf9-de6bd7aaa9ef
Attributes
-
encryption_key
CF3A949D653E8E253D64DB361EE16669CD9DE402
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
1bbf7d818b40f8fa0da224e39f27829bb7d8a8bdbec66fa62cfba39cd0d6d3fd
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections