General
Target: Client-built.exe
Size: 3.1MB
Sample: 231118-ykkqrsgc91
MD5: 0be05dbf68a7411493cc4a59a46e7c70
SHA1: 8035693545162d66d2811c13b9fd5ebfa65b7235
SHA256: d5edd5b01487cb03de09de1fd86b8588bcca053ab1c4b5ed49f9e4639102aef4
SHA512: cb5f4e93a01542cfa194e7ac5c3155bc11ee96ce58db00c0ed8e55c382014fc1aa9e98bb506a295bb987b63e8b5134915c529b15ca727021af60fa1f671374b9
SSDEEP: 49152:rvyI22SsaNYfdPBldt698dBcjHkpRJ6YbR3LoGdhtTHHB72eh2NT:rvf22SsaNYfdPBldt6+dBcjHkpRJ6yx
Behavioral task
behavioral1
Sample: Client-built.exe
Resource: win7-20231023-en
Malware Config
Extracted
quasar
1.4.1
Office04
quasardeez.ddns.net:4782
9aa0fb2f-d048-4adc-acbd-2d645c244d69
encryption_key: E22644B8CE19FC81D2AC598ED82820552B13359A
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: Client-built.exe
Quasar payload
Executes dropped EXE
Drops desktop.ini file(s)
Legitimate hosting services abused for malware hosting/C2