General
Target: Eggsploit.exe
Size: 3.1MB
Sample: 231107-whkxmscf9s
MD5: 667e8c88107d8b2505e2c984504b6363
SHA1: 78af687782710dc45bf2bf4235b543ebdfbdd266
SHA256: 9db1850549f3067e3f9804153cfae806318aa5c6d2566389b09ea3f4a2996e42
SHA512: a6e0f44383a033a2e7b28783170f7830c32a234dee5670344f8c53db0e8ff074ebe109f3b71352b61caca260c03b91edda5843981453a08e0e8e08eb1879d3c0
SSDEEP: 49152:6vdt62XlaSFNWPjljiFa2RoUYIhe1F9oGq1kSjTHHB72eh2NT:6vf62XlaSFNWPjljiFXRoUYIg1HWk
Behavioral task
behavioral1
Sample
Eggsploit.exe
Resource
win7-20231023-en
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.1.13:4782
45259779-0dcb-4afe-a014-ae49cf73286e
encryption_key: 38F8A837013773F52CA41CD4456A32A9B17A9557
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: AustiBlox
subdirectory: SubDir
Targets
-
-
Target
Eggsploit.exe
-
Quasar payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-