General

Target: opera.exe
Size: 3.2MB
Sample: 230801-rqgsqsgc62
MD5: 62a0d66d4c94d255d7386208f69b70e8
SHA1: 43e128c5d41409b848b844c31e45818802d7ea4f
SHA256: 974f559a122c842637b893bb5500cfb2caccab2f464526f688d39e451c3c5487
SHA512: b3d69909141f2e5adebb93765689a7e83bca02d5000aaf8daa6a32275b3fa04eebb70b889edfb6a75579a73119ab010dc51e23b662dbd6c7ea071a1d2356def7
SSDEEP: 49152:hHM592AYawl1WPOl6NVtRkJ0xWc+DiEQsMkCxSvoG+DTHHB72eh2NT:hHg92AYawl1WPOl6NVLkJ0xWc+Dsw
Malware Config

Extracted family: quasar
Version: 1.4.1
Tag: Opera
C2: 4.tcp.eu.ngrok.io:12200
Mutex: dbdeb9e2-1d62-453a-8c06-8a6bf4be3071
encryption_key: 8A2A7B58F2803115FF796E733C7311493928333B
install_name: launcher.exe
log_directory: Opera Logs
reconnect_delay: 3000
startup_key: Opera Launcher
subdirectory: Opera Software
Targets

Target: opera.exe (3.2MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Signatures:
- Quasar payload
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
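The hashes and the extracted config above are only useful once they are turned into something you can match on a disk image, an EDR query or a proxy log. The script below is an added example written for this page; it is not part of the sandbox report and not Quasar's or the sandbox vendor's code. It embeds the report's hash IOCs and config values verbatim, hash-matches arbitrary file bytes against them, splits the C2 entry into host and port, flags the ngrok tunnel host (the "Legitimate hosting services abused" signature), and derives the on-disk artifacts implied by install_name, subdirectory, startup_key and log_directory. The three install base folders, the HKCU Run value / scheduled task naming, the %APPDATA% log location and the ngrok domain list are my assumptions based on reading the Quasar 1.4 client source, not facts stated in the report.

```python
"""Turn the Quasar 1.4.1 report above into matchable IOCs and host artifacts.
Added example for this page; not the sandbox's or Quasar's own code."""
import hashlib

# Hashes copied from the report above (sample 230801-rqgsqsgc62).
SAMPLE_HASHES = {
    "md5": "62a0d66d4c94d255d7386208f69b70e8",
    "sha1": "43e128c5d41409b848b844c31e45818802d7ea4f",
    "sha256": "974f559a122c842637b893bb5500cfb2caccab2f464526f688d39e451c3c5487",
    "sha512": (
        "b3d69909141f2e5adebb93765689a7e83bca02d5000aaf8daa6a32275b3fa04e"
        "ebb70b889edfb6a75579a73119ab010dc51e23b662dbd6c7ea071a1d2356def7"
    ),
}

# Extracted config, copied from the report above.
QUASAR_CONFIG = {
    "version": "1.4.1",
    "tag": "Opera",
    "hosts": ["4.tcp.eu.ngrok.io:12200"],
    "mutex": "dbdeb9e2-1d62-453a-8c06-8a6bf4be3071",
    "encryption_key": "8A2A7B58F2803115FF796E733C7311493928333B",
    "install_name": "launcher.exe",
    "subdirectory": "Opera Software",
    "startup_key": "Opera Launcher",
    "log_directory": "Opera Logs",
    "reconnect_delay": 3000,
}

# ASSUMPTION: the three base folders the Quasar 1.4 builder offers for
# installation. The report does not say which one this build uses; the
# "Drops file in System32 directory" signature points at the System base.
INSTALL_BASES = {
    "appdata": r"C:\Users\<user>\AppData\Roaming",
    "programfiles": r"C:\Program Files",
    "system": r"C:\Windows\System32",
}

# ASSUMPTION: ngrok tunnel domains worth flagging as "legitimate service as C2".
TUNNEL_SUFFIXES = ("ngrok.io", "ngrok.app", "ngrok-free.app")


def file_hashes(data: bytes) -> dict:
    """Digest file bytes with the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matching_iocs(data: bytes) -> list:
    """Names of the algorithms whose digest of `data` equals the report's value."""
    digests = file_hashes(data)
    return [name for name, value in SAMPLE_HASHES.items() if digests[name] == value]


def parse_c2(entry: str) -> tuple:
    """Split a Quasar 'host:port' entry; rpartition keeps IPv6-style hosts intact."""
    host, _, port = entry.rpartition(":")
    return host, int(port)


def is_tunnel_host(host: str) -> bool:
    """True when the C2 host sits under one of the assumed tunnel domains."""
    h = host.lower()
    return any(h == s or h.endswith("." + s) for s in TUNNEL_SUFFIXES)


def host_artifacts(cfg: dict) -> dict:
    """Derive hunt-able artifacts from the extracted config."""
    sub, name = cfg["subdirectory"], cfg["install_name"]
    c2 = [parse_c2(h) for h in cfg["hosts"]]
    return {
        "install_paths": [f"{base}\\{sub}\\{name}" for base in INSTALL_BASES.values()],
        # ASSUMPTION (Quasar 1.4 source): unprivileged installs register a
        # HKCU\...\CurrentVersion\Run value named startup_key; elevated
        # installs create a scheduled task with the same name.
        "run_value_name": cfg["startup_key"],
        "scheduled_task_name": cfg["startup_key"],
        # ASSUMPTION: keylogger output lands under %APPDATA%\<log_directory>.
        "log_dir": f"{INSTALL_BASES['appdata']}\\{cfg['log_directory']}",
        "mutex": cfg["mutex"],
        "c2": c2,
        "c2_via_tunnel": [host for host, _ in c2 if is_tunnel_host(host)],
    }


if __name__ == "__main__":
    # Constructed input: obviously not the sample, so no IOC should match.
    print("matches:", matching_iocs(b"not the opera.exe sample"))
    for key, value in host_artifacts(QUASAR_CONFIG).items():
        print(f"{key}: {value}")
```

Feed `matching_iocs()` the bytes of a suspect file to confirm it is this exact build; a different Quasar build with the same config will not hash-match, which is why the derived artifacts (install path, Run value name, mutex, ngrok host and port) are the more durable indicators. Note that the ngrok tunnel hostname resolves to ngrok infrastructure, so blocking the IP is pointless; match on the hostname and the port 12200 instead.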