General
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://pcapi-server.com/download/Zhuriken.exe
  Resource: win10-20240404-en
  18 signatures, 300 seconds
Behavioral task: behavioral2
  Sample: https://pcapi-server.com/download/Zhuriken.exe
  Resource: win10v2004-20240611-en
  18 signatures, 300 seconds
Malware Config
Extracted
  Family: quasar
  Version: 1.4.1
  Botnet: Office04
  C2: 91.92.253.215:4782
  Mutex: 4304b988-116c-4522-ab83-7f9ad875f60f
  Attributes:
  - encryption_key: A6B8B9B9B02FC86103A59CE003D7B3B45DAF8550
  - install_name: Client.exe
  - log_directory: ZhurikenLogs
  - reconnect_delay: 3000
  - startup_key: Zhuriken Client Startup
  - subdirectory: SubDir
Targets
- Target: https://pcapi-server.com/download/Zhuriken.exe
  - Quasar payload
  - Command and Scripting Interpreter: PowerShell
    Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
  - Downloads MZ/PE file
  - Executes dropped EXE
  - Suspicious use of SetThreadContext