General
-
Target
tmp
-
Size
502KB
-
Sample
230218-xpsfqsdb74
-
MD5
bbd0db3230e57aeb7ca23e59aadf0134
-
SHA1
fdda0bfd08bbd74557dd878bda12f05368befb7d
-
SHA256
741a3f8b91ad8ef7bf2936bafddb95200b0f3083a6933d1d82c278baaa6ec9c7
-
SHA512
4393b5dcac40f0b36bf85e50f66ed299a95c298b5c8e4853aae8e5f84ab7d2cb64a989728b21135e2730afaddd60002872e517e8b67b68085f97345ff4a6baf3
-
SSDEEP
6144:VTEgdc0YpXAGbgiIN2RSBuSBtPB+a9VIvyTcEi9b8F9vkDC+ROcTR32:VTEgdfYlbgRljSCN8CQOcd2
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20220812-en
Malware Config
Extracted
quasar
1.4.0
Office04
flingmodder-53370.portmap.io:53370
c16cce68-0a86-440c-89b1-c088c1c8b4cb
-
encryption_key
9BFDFBA45AE2C2C16DA4EEEA02438784B89CACC0
-
install_name
svchost.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
svchost
-
subdirectory
windows
Targets
-
-
Target
tmp
-
Quasar payload
-
Executes dropped EXE
-