General
-
Target
Client-built.exe
-
Size
3.1MB
-
Sample
230530-r91pysab78
-
MD5
59821db4fc3efdd9d78185a16efa5917
-
SHA1
9a53b49c3e42a83e6833c0da4107bae862b4d6b9
-
SHA256
a5d114be9a4e5f601a6d855b25b7e206d60f55f9a605ad1c8ebafd964fa1ed70
-
SHA512
d3d0f978a50edbe669b68ece5ba183b75bcfa701185370682227501daf643ee08fa22f7e540f00c604459f986b73e11601401c11ed48b8f50ed5fe848af4fd29
-
SSDEEP
49152:0v/t62XlaSFNWPjljiFa2RoUYI+ZyP+vEVTHHB72eh2NT:0vV62XlaSFNWPjljiFXRoUYI+Zi
Behavioral task
behavioral1
Sample
Client-built.exe
Resource
win7-20230220-en
Malware Config
Extracted
quasar
1.4.1
Bob681
181.215.176.73:59955
4a19a6ac-9ac6-4cbd-ab2f-1e469ebe93aa
-
encryption_key
01A024E271E79DC5F555EC503C0E2AB6090246F2
-
install_name
repl.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
replstart
-
subdirectory
repl
Targets
-
-
Target
Client-built.exe
-
Size
3.1MB
-
MD5
59821db4fc3efdd9d78185a16efa5917
-
SHA1
9a53b49c3e42a83e6833c0da4107bae862b4d6b9
-
SHA256
a5d114be9a4e5f601a6d855b25b7e206d60f55f9a605ad1c8ebafd964fa1ed70
-
SHA512
d3d0f978a50edbe669b68ece5ba183b75bcfa701185370682227501daf643ee08fa22f7e540f00c604459f986b73e11601401c11ed48b8f50ed5fe848af4fd29
-
SSDEEP
49152:0v/t62XlaSFNWPjljiFa2RoUYI+ZyP+vEVTHHB72eh2NT:0vV62XlaSFNWPjljiFXRoUYI+Zi
-
Quasar payload
-
Executes dropped EXE
-