General
Target: winapp.exe
Size: 3.1MB
Sample: 231227-vqak7saacr
MD5: d392cdbed5244c1fbd5b46d63dd519bc
SHA1: 3811346ed1ef2b549e10e75d508f411b7a1e9d6a
SHA256: 9724121bb6285ee007ee656a20a13cdd111a01fac23d1596a7e6b5e9a6a4cf44
SHA512: 4378130941bde8fcb009f42fd4addcc70b2f90a9cfa51c08fc00c1c8c307f51c4a62f0c66d996eb8a612d44792958a83d269db34eed9c5e542b1dc505c0f3f50
SSDEEP: 49152:QvVt62XlaSFNWPjljiFa2RoUYIOjmUmzhSoGdVTHHB72eh2NT:Qvn62XlaSFNWPjljiFXRoUYIOjm2
Behavioral task
behavioral1
Sample: winapp.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.68.121:4782
07c71602-ed7d-4d72-a4a1-2367e3b4adbd
encryption_key: C18D6F8157BC560BD6BBE10D32A41FE809451B75
install_name: winapp.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: winapp
subdirectory: WinApp
Targets
Target: winapp.exe
Quasar payload
Executes dropped EXE
Drops file in System32 directory