General
  Target: 5FOV_No_Delay.rar
  Size: 1.3MB
  Sample: 230821-p4ybjach47
  MD5: c9c997723fdfd3d6a8c5ceb7760e12e6
  SHA1: 6f7aa9f95ced9b6d504cbdd2eee4e3e0e25e0f77
  SHA256: 8204706fb5a3a20570283d65b191c13d19fafe7e95caf4e642c0ab80a6e05419
  SHA512: ccc68f8d3478334d6bca18636ee3a3f8d423c070390698c71875ad0a8f8e8c0835e4eb87642f612ddf2495e261581c65f35f2a4138976a4a1135ec70b4df747d
  SSDEEP: 24576:/KrIusGGC/NySlITIY0GM0JT5mYvcGKR4FZz40m0OXx0Xf4Qkk76lfuJKW:/Krx+kBG0YRM0JAYkGKR4FW0mDh0PXkI

Static task: static1

Behavioral task: behavioral1
  Sample: 5FOV No Delay/5FOV_No_Delay.exe
  Resource: win7-20230712-en

Behavioral task: behavioral2
  Sample: 5FOV No Delay/5FOV_No_Delay.exe
  Resource: win10v2004-20230703-en

Malware Config
  Extracted:
    quasar
    1.4.1
    5FOV_No_Delay
    10.0.2.15:4782
    3855a4de-fdf1-4ce7-8a15-60d9db39b127
  encryption_key: 1B54246BE5866DD85D5E2DCF192A40BF9215357D
  install_name: Client.exe
  log_directory: Logs
  reconnect_delay: 3000
  startup_key: Google Chrome Update
  subdirectory: SubDir

Targets
  Target: 5FOV No Delay/5FOV_No_Delay.exe
  Size: 1.3MB
  MD5: 847ad50bef0a4db9e12b35d682b916d2
  SHA1: 6e1444da76eab5ff589988bad8d7feb3ddad339b
  SHA256: 83eca531bc045bb8d908d3a5461efd7120d735c9aa5003ae594b9bbe70e87604
  SHA512: 464f521a56d30c15e26af32815d4d99994651540e5f2835d1a1207087d4f026d457239b5745ab91da8ad2b7493305e43dfc235c8895ec1860334d6ac641082e8
  SSDEEP: 24576:1fWaaBHA4KC1Qsx+9uAKgPOZjeWePI/bqx4eI93rVkeG6:1MBg1C1T+TKfZjeWeQWxA3ft
  Score: 10/10
  Signatures:
    Quasar payload
    Executes dropped EXE