General
Target: OperaSetup.exe
Size: 6.1MB
Sample: 230801-tmkfkahd49
MD5: 41642cbd557222d87e97ce3aac35bd96
SHA1: e7f793261b6564a6e0f92b661af0364968f3a68f
SHA256: a57bbb8bb354aeb030d0f4290567b304ea16571c66a9c58298fe4da8c4f91adf
SHA512: b00206b1b1b351d50daf13ede7248d36348e6e5421084eb5f6e4dd97f16879206b5b52def84124afdad48e0ff363e37fe314097cc282e657f79eea8447d237fb
SSDEEP: 98304:JGh5ziNlRUaub+MPDrc/c+NmXnKyFrsqCFHj92AYawl1WPOl6NVLkJ0xWbcmy:J3NlqaubXgUCqCBBjxMy
Malware Config
Extracted: quasar
reconnect_delay: 3000
Extracted: quasar 1.4.1
Opera
4.tcp.eu.ngrok.io:12200
dbdeb9e2-1d62-453a-8c06-8a6bf4be3071
encryption_key: 8A2A7B58F2803115FF796E733C7311493928333B
install_name: launcher.exe
log_directory: Opera Logs
reconnect_delay: 3000
startup_key: Opera Launcher
subdirectory: Opera Software
Targets
Target: OperaSetup.exe
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2