General
Target: explorer.exe
Size: 3.1MB
Sample: 230609-v9jcfsdf7v
MD5: b4d796b1d427b448f9406aee07959eff
SHA1: 9b731c6304518c686ef1a0675c77f74163aad60c
SHA256: 4041ad409dcfd7b2ae14b4b7ac5928debb38e2e02dcb7837e1ebacf0a1ed3773
SHA512: 43da91f6814eb66784954af83463c1b663689a37dfc76015cf566fef50b896b0273ed3e72d4580382720cb7f5f26bd2e25d0c0accd6b3526b15082cea83d7454
SSDEEP: 49152:Dvkt62XlaSFNWPjljiFa2RoUYIHORJ6xbR3LoGdxTHHB72eh2NT:Dv462XlaSFNWPjljiFXRoUYIHORJ6T
Behavioral task
behavioral1
Sample: explorer.exe
Resource: win7-20230220-en
Malware Config
Extracted
quasar
1.4.1
Office04
ratcentho.ddns.net:1604
a48091b5-8649-4186-b51d-37847b346bbb
encryption_key: E111C166FC0FC5E69CF243BDE5027B1BBD76712A
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: csrss
subdirectory: SubDir
Targets
-
-
Target
explorer.exe
-
Quasar payload
-
Executes dropped EXE
-