General
-
Target
e22eded04f63ee8412924d986e3a522f.bin
-
Size
3.1MB
-
MD5
e22eded04f63ee8412924d986e3a522f
-
SHA1
ca0b817a54f1401b43b412013c0a948a03155619
-
SHA256
cbc58336a25eddf588be0b4c90fa9dd0267e545489b14c53505a53125a1a49db
-
SHA512
6ae9c8cf956939a15b3c6fdc40b905f0d5bb03e665309d0a15e3956f9912bd491087ad8cabbacd0dd7e0a2e50fca1af2f055805c8748105c43afc5bff85ba89e
-
SSDEEP
49152:Dv6I22SsaNYfdPBldt698dBcjHa++PJH1LoGdDTTHHB72eh2NT:Dv322SsaNYfdPBldt6+dBcjHa++Pz
Score
10/10
Malware Config
Extracted
Family
quasar
Version
1.4.1
Botnet
Office04
C2
pringelsy-44550.portmap.host:44550
Mutex
ed30a1b2-d1a0-4e30-a860-b77fa3f71c40
Attributes
-
encryption_key
49F9D3CAD835E70C60B54E401E356C16B3822AE8
-
install_name
Opera GX.exe
-
log_directory
Logs
-
reconnect_delay
1000
-
startup_key
OperaVPN
-
subdirectory
common Files
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
e22eded04f63ee8412924d986e3a522f.bin
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections