General

Target: Cold War Tool Free by R7XZ2.exe
Size: 664KB
Sample: 230207-a7v81sbh5s
MD5: 28b47c7dd2743e312aa5665d2237bbaf
SHA1: 8c0b0bd93738f6d3c7299073fa046a9923c43d94
SHA256: 0e75d20dc4bbc6e47d8af2a28ff28efac659bb5b6d1ba69a904ac3d338e0e2cb
SHA512: 75766bfcf5b90f0ab6c755e6d531377e73838aba956d1597e10d451172ba4df1243a26bc95b996e55f8b013c862e21e06eb48dfa1f00dce131e6e296f3a101f8
SSDEEP: 6144:yTEgdc0YXXbZvdo6EsRwdfuniFBlh/6KnFwQHocE8cb8F9bObLGnJ2cTR3j:yTEgdfY9do6Wu6hFwMHMn+4cdj
Behavioral tasks

behavioral1
  Sample: Cold War Tool Free by R7XZ2.exe
  Resource: win7-20220812-en

behavioral2
  Sample: Cold War Tool Free by R7XZ2.exe
  Resource: win10v2004-20220901-en
Malware Config

Extracted family: quasar
version: 1.4.0
tag: ColdWar Tool by FXC11
c2: 91.121.214.19:1605
mutex: ee2a25d7-e4a9-452c-9a5f-a26bb677dfa1
encryption_key: F9F475501C6D2B1102A497EB1C3D52C90B8E007E
install_name: QuickPump.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Windows Defender Real Time Protection
subdirectory: SubDir

The startup_key value is the name Quasar gives its Run-key persistence entry; here it is chosen to masquerade as a Windows Defender component. install_name and subdirectory together give the file name and folder the client copies itself to on install, and reconnect_delay is the wait (in milliseconds) before the client retries the C2 after a dropped connection.
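The config fields above are directly usable as host and network indicators. The following Python script is an added example, not part of the sandbox report: it builds indicators from the extracted values (the reading of the two unlabelled fields as the Quasar build tag and client mutex is this example's interpretation of the Quasar 1.4 config layout) and matches them against constructed sample telemetry, a registry export line, a file listing, a network record and a mutex name, none of which comes from the report.

```python
"""Turn an extracted Quasar 1.4 config into indicators and match them against
sample host/network telemetry. Added example; not code from the report."""

# Values copied from the extracted config on this page.
QUASAR_CONFIG = {
    "version": "1.4.0",
    "tag": "ColdWar Tool by FXC11",          # assumption: build tag field
    "c2": "91.121.214.19:1605",
    "mutex": "ee2a25d7-e4a9-452c-9a5f-a26bb677dfa1",  # assumption: client mutex
    "install_name": "QuickPump.exe",
    "startup_key": "Windows Defender Real Time Protection",
    "subdirectory": "SubDir",
}


def build_indicators(cfg):
    """Derive matchable indicators from the config.

    Quasar installs itself as <base>\\<subdirectory>\\<install_name> and
    persists through a Run-key value (HKCU, or HKLM when elevated) named
    after startup_key, so those two strings are the host-side indicators;
    the C2 host:port is the network-side one.
    """
    host, port = cfg["c2"].rsplit(":", 1)
    return {
        "c2_host": host,
        "c2_port": int(port),
        "mutex": cfg["mutex"].lower(),
        "install_path_suffix": ("\\" + cfg["subdirectory"] + "\\" + cfg["install_name"]).lower(),
        "run_value_name": cfg["startup_key"].lower(),
    }


# Constructed sample telemetry (not from the sandbox run), with benign noise
# so that the matcher has something to ignore.
SAMPLE_EVENTS = [
    {"type": "registry",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value_name": "Windows Defender Real Time Protection",
     "data": r"C:\Users\victim\AppData\Roaming\SubDir\QuickPump.exe"},
    {"type": "registry",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value_name": "OneDrive",
     "data": r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    {"type": "file", "path": r"C:\Users\victim\AppData\Roaming\SubDir\QuickPump.exe"},
    {"type": "file", "path": r"C:\Windows\System32\svchost.exe"},
    {"type": "network", "dst": "91.121.214.19", "dport": 1605, "proto": "tcp"},
    {"type": "network", "dst": "91.121.214.19", "dport": 80, "proto": "tcp"},
    {"type": "network", "dst": "13.107.4.50", "dport": 443, "proto": "tcp"},
    {"type": "mutex", "name": "EE2A25D7-E4A9-452C-9A5F-A26BB677DFA1"},
]


def match_events(events, ind):
    """Return (indicator_name, evidence) pairs for every event that matches."""
    hits = []
    for ev in events:
        kind = ev["type"]
        if kind == "registry" and ev["value_name"].lower() == ind["run_value_name"]:
            hits.append(("run_key_persistence", ev["data"]))
        elif kind == "file" and ev["path"].lower().endswith(ind["install_path_suffix"]):
            hits.append(("install_path", ev["path"]))
        elif (kind == "network" and ev["dst"] == ind["c2_host"]
              and ev["dport"] == ind["c2_port"]):
            hits.append(("c2_connection", f"{ev['dst']}:{ev['dport']}"))
        elif kind == "mutex" and ev["name"].lower() == ind["mutex"]:
            hits.append(("client_mutex", ev["name"]))
    return hits


def scan():
    return match_events(SAMPLE_EVENTS, build_indicators(QUASAR_CONFIG))


if __name__ == "__main__":
    for name, evidence in scan():
        print(f"{name}: {evidence}")
```

Matching on the Run-key value name and the path suffix rather than the full path keeps the indicators valid whichever install base (AppData, Program Files, System) the builder selected, which the extracted config does not record; the port is matched together with the host so that unrelated traffic to the same address is not counted.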
Targets

Target: Cold War Tool Free by R7XZ2.exe (the submitted sample; size and hashes as listed under General above)
Score: 10/10

Signatures:
- Quasar payload
- Executes dropped EXE