General
-
Target
Client-built.exe
-
Size
3.1MB
-
Sample
230530-rew4aaaa25
-
MD5
d5745aeed95df53334f3e3de9808b874
-
SHA1
88877da94ce9c4121d5f5eb3fa9edb9fdf3a80ce
-
SHA256
8cb80c88fea397c4b823bbe69891809fefb8fe98224a1552ac0cced93ed3437c
-
SHA512
fe9512143d7020dadb5968025e3198d11dcebe66a0407c79ba27dc09a7459247c7265988a102749bed44c6b79e4b797a28268cbe2da03a58e47d2b19224ad413
-
SSDEEP
49152:0v/t62XlaSFNWPjljiFa2RoUYI+ZyP+vEzTHHB72eh2NT:0vV62XlaSFNWPjljiFXRoUYI+Zi
Behavioral task
behavioral1
Sample
Client-built.exe
Resource
win7-20230220-en
Malware Config
Extracted
quasar
1.4.1
Office04
181.215.176.73:59955
efc7c4e1-67b9-4193-a637-9063d2f6052c
-
encryption_key
01A024E271E79DC5F555EC503C0E2AB6090246F2
-
install_name
repl.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
replstart
-
subdirectory
repl
Targets
-
-
Target
Client-built.exe
-
Quasar payload
-
Executes dropped EXE
-