General

  • Target

    Cyber-Security Nuker (UPDATED).exe

  • Size

    3.1MB

  • MD5

    ac73e69fc419907a58784fd50471168d

  • SHA1

    c936621828f889a8123f6057eb66fc38ebd6f293

  • SHA256

    371530ba596376ff7fd76425f681d102ab2d171675620070035cbb0e1d1a0516

  • SHA512

    74416db9fef10e50ab5acae785fbd005ecf16ce94022eb8a7d18d3f1bfc23242e7b5a180d6ff825281ae64fc1df513040ac87be7cb79060df96ca609e78b030e

  • SSDEEP

    49152:rvyI22SsaNYfdPBldt698dBcjHbdIR9karHNoGdjKTHHB72eh2NT:rvf22SsaNYfdPBldt6+dBcjHC97

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.68.67:4782

Mutex

dcb0af0e-4f78-426b-9489-43ea356dc0f7

Attributes
  • encryption_key

    0807120B930C7C14B2B5A7F6550477313E81C7B9

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • Cyber-Security Nuker (UPDATED).exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

