General
Target: 12332e311cefd7bc4b016ab51b885c7a
Size: 1.0MB
Sample: 231230-jch5msdfg6
MD5: 12332e311cefd7bc4b016ab51b885c7a
SHA1: bc6e892c3c381b9155d9a6b28f31bfa1235c061d
SHA256: 67860b6c376983094f49a5a09dcaae107c693a2cdfbd203065ca2415a32f11cb
SHA512: c75bd668bd4c842eef944d4e49c1675a6bbdb003b4cfb79832de4140f4c18c51d9b9b60db07262b96ceac140100724bf7f36ef1a1639afa8e1bd616cb2524ffe
SSDEEP: 12288:kARNJ6j3LBFsSfNJwZH3Uw2oQb+9BXNwQlsljyFVRelCuXjV+apo+gO0aoUWqnDF:bLJ+FFsSFJg9LuuqnDonB1e
Static task: static1
Behavioral task: behavioral1
Sample: 12332e311cefd7bc4b016ab51b885c7a.exe
Resource: win7-20231215-en
Malware Config
Extracted
quasar
1.3.0.0
Office04
10.8.31.138:28394
QSR_MUTEX_8o3qZGCFefA40MAkOh
encryption_key: Gmm1w4utIxJXOFfCOJbk
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: 12332e311cefd7bc4b016ab51b885c7a
Quasar payload
Suspicious use of SetThreadContext