General
-
Target
tmp
-
Size
3.1MB
-
Sample
231122-jcnp5aba23
-
MD5
1335ea3b575ea12970ae595a60441d26
-
SHA1
189ee218a95b4a8203f8edb63e50b16fb3a81000
-
SHA256
58e825e9ba90117d194b592dca90ec50ca4cd171457b9afc69e210fd6e48bfe2
-
SHA512
136275b1f517f8e0e957d9c643c3b8a7bc8329b97d183e6f88fab10270922ab93efbc850a26e81f227998e759ba9ba4b994de260de929d5515c2c5b7527806bf
-
SSDEEP
49152:DvbI22SsaNYfdPBldt698dBcjHbswTbRvILoGd1ZTHHB72eh2NT:Dvk22SsaNYfdPBldt6+dBcjHbsw9m
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20231020-en
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.109.1:1800
551312a4-69e2-49ef-a9fc-324282122b52
-
encryption_key
2C8CD3E5B94023D4196F46D6FC4A100DF5B725FE
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
tmp
-
Quasar payload
-