General
-
Target
06470199.dat
-
Size
3.1MB
-
Sample
230611-kgdamagg76
-
MD5
8164a3361f7bb473d898b796ec12d468
-
SHA1
71d2afe83bedb25eec78188ddc1385361c3d632f
-
SHA256
c1ed20f252eaa28ae2e5fc1bc08c60d9f6beccecf5ad1cb2e8278271c7acda59
-
SHA512
e50bec34cc54dcf4fad041277b53f33c1cad64ea4f9352bd2bc144a4b41514b1c33e32245b3385f15fe14019c11c741f167e884de519ea4b2cb6a78dd598421c
-
SSDEEP
49152:avct62XlaSFNWPjljiFa2RoUYI2YRJ60bR3LoGdWTHHB72eh2NT:avg62XlaSFNWPjljiFXRoUYI2YRJ6+
Behavioral task
behavioral1
Sample
06470199.exe
Resource
win7-20230220-en
Malware Config
Extracted
quasar
1.4.1
ninjagram
nethttp.sytes.net:4782
f04d3337-2e5e-4a42-bb35-8f2a600f118f
-
encryption_key
D3749570795A041A5B9B7F71D15CD539096DC336
-
install_name
boot.exe
-
log_directory
security
-
reconnect_delay
1000
-
startup_key
services
-
subdirectory
winrn
Targets
-
-
Target
06470199.dat
-
Quasar payload
-
Executes dropped EXE
-