General
Target: opera.exe
Size: 3.2MB
Sample: 230812-rc8djadh8z
MD5: 723af0cee59b3aa2616be8a41c79ac26
SHA1: 97d3cfefdd0a7a4b4ca713529b9aa8e8961789f3
SHA256: 9549b2f1437e603ae99ef0031ddce2f585910d3612b9fb6fd2549339f9be0d25
SHA512: 7c5e611156ff7f32a2c87025b915927bd7ffc43a27ec7b44df92d7aa749ee016249265d71cd677c65aea7fadd02c434481e2f77ca74191fea65439b878a69d40
SSDEEP: 49152:WHp592AYawl1WPOl6NVtRkJ0xESmcuh4arjioGdKYXTHHB72eh2NT:WHj92AYawl1WPOl6NVLkJ0xEb9h4a
Malware Config
Extracted
quasar
1.0
Opera
4.tcp.eu.ngrok.io:19691
dbdeb9e2-1d62-453a-8c06-8a6bf4be3071
encryption_key: 8A2A7B58F2803115FF796E733C7311493928333B
install_name: launcher.exe
log_directory: Opera Logs
reconnect_delay: 3000
startup_key: Opera Launcher
subdirectory: Opera Software
Targets
Target: opera.exe
Size: 3.2MB
- Quasar payload
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2