General
-
Target
Client.exe
-
Size
3.1MB
-
Sample
231105-z1s8hscg3x
-
MD5
1b9d131113ba317f61c680608d1f5044
-
SHA1
3a6740e37ca55933bd2977f4a4e0223b4abe02ae
-
SHA256
2c2352205f2ce5df483aadd89af9ed9750bb1df13b246906e92cf31101572537
-
SHA512
6b7127d5e28e1a6661e5c84d473375ff4475d87225b331fbf2fd9252f57c7b611fd0accda7520812833fe996bf0001ed68c0d7c89946c31b06041a4c7f7b3193
-
SSDEEP
49152:uviI22SsaNYfdPBldt698dBcjH3vRJ6sbR3LoGd9sTHHB72eh2NT:uvv22SsaNYfdPBldt6+dBcjH3vRJ62
Malware Config
Extracted
quasar
1.4.1
Office04
tr2.localto.net:46564
c47e2046-1058-430b-9398-803360379972
-
encryption_key
76663067AA8B43723242B084D486BDDB88B05879
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
Client.exe
-
Size
3.1MB
-
MD5
1b9d131113ba317f61c680608d1f5044
-
SHA1
3a6740e37ca55933bd2977f4a4e0223b4abe02ae
-
SHA256
2c2352205f2ce5df483aadd89af9ed9750bb1df13b246906e92cf31101572537
-
SHA512
6b7127d5e28e1a6661e5c84d473375ff4475d87225b331fbf2fd9252f57c7b611fd0accda7520812833fe996bf0001ed68c0d7c89946c31b06041a4c7f7b3193
-
SSDEEP
49152:uviI22SsaNYfdPBldt698dBcjH3vRJ6sbR3LoGd9sTHHB72eh2NT:uvv22SsaNYfdPBldt6+dBcjH3vRJ62
-
Quasar payload
-
Executes dropped EXE
-