General
-
Target
tmp
-
Size
3.1MB
-
Sample
230604-ngys4scf3w
-
MD5
9015c3d7db0f4918632bd515f5187148
-
SHA1
78f1ac578a3ad08c5da5eaab6b7423d772a9e159
-
SHA256
dc90c4dea9a7c84847fa536ac75123e39f077437cbafcc132c2537f8757f7578
-
SHA512
855ce4d97ddf6b50f3ca49d846d643c45ad668b3238280e9cee1a14dbdba754b37b27ba874aa8039695f263eaa5e4a785ca6047d65aad666f384557ecff6981d
-
SSDEEP
49152:zvDlL26AaNeWgPhlmVqvMQ7XSKvrRJ6kbR3LoGdogTHHB72eh2NT:zv5L26AaNeWgPhlmVqkQ7XSKvrRJ6u
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20230220-en
Malware Config
Extracted
quasar
1.4.1
Hacked
66.135.0.161:5890
127.0.0.1:5890
298708ab-b798-45b3-8858-08891ded7c8a
-
encryption_key
D0F0754E67B4CBC38801AC41F731FCB62478B8FF
-
install_name
Windowsdem64.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
scfhost
-
subdirectory
Windows64
Targets
-
-
Target
tmp
-
Quasar payload
-