General
-
Target
358b3ab1e4adca50e3707fe6c8a409be.exe
-
Size
502KB
-
Sample
221128-srhbbsdb59
-
MD5
358b3ab1e4adca50e3707fe6c8a409be
-
SHA1
f8fd21480ef96b52766cf0739ca742fd0191719d
-
SHA256
49c28afc5251fc17d33de601ba75e53b3e1502cbbe8b504be3badc3cfdf7dcf2
-
SHA512
83f7e1d7d5c795483f73931cec2e90951a267ca4592ed4a27e3e8874bac506b2904b0fe24a07179b08b99049b1b1e109945e167b30cd2c95305a6bdd5dd1aed1
-
SSDEEP
6144:sTEgdc0YuXO0l6HeR9iUnD3kmAVlOv/5Etqi+yw4YUcEqOb8F9qYuVjcTR3a:sTEgdfYIl6wTkIu4ryw+6pwZVjcda
Behavioral task
behavioral1
Sample
358b3ab1e4adca50e3707fe6c8a409be.exe
Resource
win7-20220812-en
Malware Config
Extracted
quasar
1.4.0
Update
2cool4school.ddns.net:6520
2cool4school.ddns.net:6522
3af59cee-aaa9-4385-bf90-0bf1acadc44f
-
encryption_key
274C4CB45396A47039F9292DF2A754DC52225502
-
install_name
update.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Update
-
subdirectory
SubDir
Targets
-
Quasar payload
-
Executes dropped EXE
-