General
-
Target
Client-built.exe
-
Size
502KB
-
Sample
230213-gbnydsae5t
-
MD5
5237b93d2d17acaf7a267b15fc0ccbe1
-
SHA1
6043203d6b444e2a5b7fe987b174de399e86506f
-
SHA256
84c3dc415b33a603a95326c1fc0334642c9be314c47479012edacb6c1fbf278a
-
SHA512
9db8957bef2cf0ec1b623d5f51508d807224ad4e52d928e6d73cdbef15cdcaecdacf2230f0472156a9ddc80a5ae6c4203e705e4e11b29dfd767a70b4ccaf313e
-
SSDEEP
6144:YTEgdc0YlXAGbgiIN2RSBV9icQn1Q1bTCecEcib8F9SU5kxm1VCbcTR3W:YTEgdfY5bgJrBCeMFXSmYbcdW
Malware Config
Extracted
quasar
1.4.0
build
license-boolean.at.ply.gg:29998
d997b199-e165-4e11-9fc8-9f99cc4eda57
-
encryption_key
C801F4FDAF210ACC5EE3523E76B50F0FB67C2020
-
install_name
build.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
windows update
-
subdirectory
build
Targets
-
-
Target
Client-built.exe
-
Size
502KB
-
MD5
5237b93d2d17acaf7a267b15fc0ccbe1
-
SHA1
6043203d6b444e2a5b7fe987b174de399e86506f
-
SHA256
84c3dc415b33a603a95326c1fc0334642c9be314c47479012edacb6c1fbf278a
-
SHA512
9db8957bef2cf0ec1b623d5f51508d807224ad4e52d928e6d73cdbef15cdcaecdacf2230f0472156a9ddc80a5ae6c4203e705e4e11b29dfd767a70b4ccaf313e
-
SSDEEP
6144:YTEgdc0YlXAGbgiIN2RSBV9icQn1Q1bTCecEcib8F9SU5kxm1VCbcTR3W:YTEgdfY5bgJrBCeMFXSmYbcdW
-
Quasar payload
-
Executes dropped EXE
-