General
Target: wlient-built.exe
Size: 502KB
Sample: 230220-w1vjssbh62
MD5: d2069e2af97134b9b1a756754400a393
SHA1: 7f047216101c25a74d280fe720029597c4403159
SHA256: a01469219fd37aa56923f2d6dee5b2026af25069ae44abb866a53b563add1971
SHA512: 84a266c7d273b319ab06d61e0394d76e985b887d5f9ba2293600911898c7f9f9e43dacbffbeb58b769fde5b738b5351e5d5ffefc7d1affebad452ed309433c3c
SSDEEP: 6144:NTEgdc0YlX7IxUpGREWrOUyJxZTP4bRwcEr7b8F94WkAtcTR3u:NTEgdfYexUW3G0w7QyWkAtcdu
Behavioral task
behavioral1
Sample: wlient-built.exe
Resource: win7-20220901-en
Malware Config
Extracted
quasar
1.4.0
Office04
staff-defines.at.ply.gg:444
2e9761cb-ec4c-4ce1-a7ad-c3b29a10d95c
encryption_key: B502E88905C46E4DDCA7F9C490E1523FE06B4C01
install_name: Okay.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: SenpaiClient
subdirectory: SubDir
Targets
Target: wlient-built.exe
Quasar payload
Executes dropped EXE
Drops file in System32 directory