General
Target: 2320-2-0x0000000001000000-0x00000000016A0000-memory.dmp
Size: 6.6MB
Sample: 231109-mgzvqsgg8s
MD5: 1da07aca3e56a6b348098c8cc9376ad5
SHA1: 0ec7242997de8ecf814d17a2b4700a14d56ea65f
SHA256: c8f54b5d97391b05951382dffde7ef6c508f26342ad5f6256ed20836b8897191
SHA512: 012b9ab3c84c15c5eec75e888b03f173336de0c74dc215fb26597dba73628dae17d8dd6fcc84b640af8a9e3bc2838fdf4c1c53b2584c75e0bf4533f402acf5e8
SSDEEP: 98304:LvWL26AaNeWgPhlmVqkQ7XSKUv4q0argCWxzIy0cejphrreCEVe77z/Bvg:jG4SWHe/Ee11eCE8Pp
Behavioral task
behavioral1
Sample: 2320-2-0x0000000001000000-0x00000000016A0000-memory.exe
Resource: win7-20231020-en
Malware Config
Extracted
quasar
1.4.1
Office04
boogerbreath-59460.portmap.host:59460
77fd1379-6dd2-4765-b853-6c99d9930f92
encryption_key: AA372A6B176F2D90F285D3A63B4330C0BE4BA34E
install_name: Client.exe
log_directory: Jqims81j8jewioJAIO
reconnect_delay: 1
startup_key: services
subdirectory: SubDir
Targets
Quasar payload
Executes dropped EXE