General
-
Target
Client-built.exe
-
Size
3.1MB
-
Sample
231227-2sfcsshchk
-
MD5
82dafc7a902d60421957561baf7e6397
-
SHA1
9e3cae5d8f4d51866389787f0cb6989ccc068001
-
SHA256
37d30f9f28f61ffeb1a8f041167966dc075c62b123d832e738548cd4909d54fd
-
SHA512
cce55b18f49176733d7064ba5a3528c1588b4eb1b3b5fb8b19dd2c86e05dc18a1a1bc2354733a105e7c11fed61961dfb90917e1fc172bf86b436ee90e9ede1db
-
SSDEEP
49152:PvoA62jiaQDKwPFlJn3xFQsZQONie2EGaSk/uh5oGdiQ9THHB72eh2NT:Pv562jiaQDKwPFlJn3TQsZQONieGfy
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.178.197:4782
773205e2-ac0d-48ce-a795-b7aae050cb04
-
encryption_key
C386CCE5ECD7D474E230DC2237D09BEA11EC9EB8
-
install_name
RtkAudUService64.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Realtek HD Audio Universal Service
-
subdirectory
Realtek HD Audio Universal Service
Targets
-
-
Target
Client-built.exe
-
Size
3.1MB
-
MD5
82dafc7a902d60421957561baf7e6397
-
SHA1
9e3cae5d8f4d51866389787f0cb6989ccc068001
-
SHA256
37d30f9f28f61ffeb1a8f041167966dc075c62b123d832e738548cd4909d54fd
-
SHA512
cce55b18f49176733d7064ba5a3528c1588b4eb1b3b5fb8b19dd2c86e05dc18a1a1bc2354733a105e7c11fed61961dfb90917e1fc172bf86b436ee90e9ede1db
-
SSDEEP
49152:PvoA62jiaQDKwPFlJn3xFQsZQONie2EGaSk/uh5oGdiQ9THHB72eh2NT:Pv562jiaQDKwPFlJn3TQsZQONieGfy
-
Quasar payload
-
Executes dropped EXE
-