General
Target: 371d633006158f2c89f3730b938ddc4e42c2832b.png
Size: 624B
Sample: 230606-l9ympsdb57
MD5: 69452d13127d4c960ead3b1212530683
SHA1: 4d998eb0e1e3ebbd16ad61685d16f9608142d953
SHA256: e5349547d8f8928be45acaadcfa70997fd0ee846f182d0cc270a089e963e1e93
SHA512: b649e0962d0294da46d814e3592cae7d07a366b49798504abc967f7080f089e28268e56a8ef5d08e1f00003df5409e9d547e43001ae68fef4b4674d1e4afc201
Static task
static1

Behavioral tasks (all run against sample 371d633006158f2c89f3730b938ddc4e42c2832b.png)
behavioral1 - Resource: win10-20230220-en
behavioral2 - Resource: win10v2004-20230220-en
behavioral3 - Resource: ubuntu1804-amd64-20221125-en
behavioral4 - Resource: debian9-armhf-en-20211208
behavioral5 - Resource: debian9-mipsbe-20221125-en
behavioral6 - Resource: debian9-mipsel-20221111-en
Malware Config
Extracted
Family: quasar
Version: 1.4.1
Tag: Office04
C2: 10.127.0.198:4782
Mutex: 86fa21e9-bbe4-49b9-b2cd-2dd9def8e8bb
encryption_key: E841B05FE1D7643875F0EEC32C3E585D6C007D3A
install_name: SubDir.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: 371d633006158f2c89f3730b938ddc4e42c2832b.png (624B; hashes as listed under General)
- Quasar payload
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2