General
Target: Client-built5.exe
Size: 502KB
Sample: 230126-hlt3tsec6z
MD5: 367d0e44520f35022b064d8a5abd803d
SHA1: 9a05aab1b349fa675f1a0e89942086230036ddb2
SHA256: e37336f3a830ac428d316728926465c52d3439ee70b313d16a2da722ee9bac5b
SHA512: 55d8b92a49169cbd99740899d8f8d9976ac7239e6a01647f34976cdea4c3597f78c22b52b2bcd29409dd897f073d61bea56b1208f811d1f762fc5d0e2d3c66e3
SSDEEP: 6144:5TEgdc0YzXAGbgiIN2RSBStwkIKGgRsHbRscEIOb8F9HctvM9xpGr8cTR3a:5TEgdfYjbguHKs4pG1aLGr8cda
Behavioral task: behavioral1
Sample: Client-built5.exe
Resource: win7-20220812-en
Malware Config
Extracted
quasar
1.4.0
Office04
192.168.0.195:1604
fffd6dc4-1f37-4e65-b7aa-0102dd3decf4
encryption_key: 894D60DF1A73A828E12DB9DF734CD59FBE6522AB
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
-
-
Target
Client-built5.exe
-
Quasar payload
-
Executes dropped EXE
-