General
Target: FCane.exe
Size: 3.1MB
Sample: 231223-tsqvjabdb4
MD5: 5893b3ee001843389bdba2c1a6c37c28
SHA1: 8795835e38f4bf2cf552a79553f808a4f7c5566b
SHA256: b2ae8c71e0a9040da348c8d3bf511343fc8c935336c79bb84c224ff8034d951d
SHA512: b065d557ee22dc98da2a4b4e893d4f035ee94890dbfb784faad5e0559944028aed2bc786116133f0dfe4e7b898ffc90c691ecc32ad9ef62e2288067a1afd94aa
SSDEEP: 49152:6voG42pda6D+/PjlLOlg6yQipVMBj90FoGd0bTHHB72eh2NT:6vL42pda6D+/PjlLOlZyQipVMBj9o
Behavioral task: behavioral1
Sample: FCane.exe
Resource: win7-20231215-en
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.0.107:4782
192.168.13.1:4782
192.168.8.101:4782
77bd16cc-97f3-481a-986e-8bd149a8d5f3
encryption_key: AC8EF94E118CC869E2CB79A1654959B8D156342E
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: FCane.exe
Quasar payload
Executes dropped EXE