General
-
Target
1186dac5cf754305a3faf7a6a9fd3ab02f1eb8272e56e23ceddad9cdab50aa2a
-
Size
6.7MB
-
Sample
231117-n9kf7ahb84
-
MD5
122dab9ce8c4dafdebadc3aff6ee4f23
-
SHA1
2a5e8a942d49f1b278cdeb7d450bbbf46ead7eb3
-
SHA256
1186dac5cf754305a3faf7a6a9fd3ab02f1eb8272e56e23ceddad9cdab50aa2a
-
SHA512
8d304f1b020644fd3002cfb7cf40b432493eca80028b920a5af119d643ab170be4b5b62a4ff039c97ac2a322fa4e6e5e252e71214a05a4009bb37aaea633a1ad
-
SSDEEP
196608:w5TWDyAAYG9xzHkkUo80YBgSEmmvz87okj:+cxPG9xAkJ80YBBIzO
Malware Config
Extracted
quasar
1.4.1
Office04
45.32.119.154:4782
54a78e9b-95fb-449b-9a22-c22b0cb9bedb
-
encryption_key
8D3F702A8D4FBFC89815720AB5EE7FFAA0B223D6
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Microsoft System Run
-
subdirectory
SubDir
Targets
-
Quasar payload
-
Loads dropped DLL
-