General
-
Target
eee.exe
-
Size
3.1MB
-
Sample
231231-3tenbsahb6
-
MD5
9e282c69a25055463e8481edbbaf3d14
-
SHA1
2c867ddfe529f664bc6234fd9c1244bd4d6c7a6c
-
SHA256
fbe69d8e1fa5390e1627f2c7713c456c69e0be031e2df0faace32d439a412fe9
-
SHA512
fa1d96774579db7aeef3cc5ae7c94f6a3358b3209dc10e3d43b068bd0b6ad2ba6a457f89e0eda7fe7533e2bf4656acffbe1fab491fcf7a475c88bde63c19fcbe
-
SSDEEP
49152:cwBDoDZjiLWI2DEJd0XiUcyGPOJndAmh6aI6XP11dmnJ1BG0HyuEao/7XO:NBcDRiL4ETNUcBmJndQZwt1KjBG0Hyz
Static task
static1
Behavioral task
behavioral1
Sample
eee.exe
Resource
win7-20231215-en
Malware Config
Extracted
quasar
1.4.1
update
127.0.0.1:4782
ddb0d81d-667e-44c3-a1b7-00fcb82dd1ef
-
encryption_key
00DF680B0E09235E9256570DFF972BC701444E37
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
putty
-
subdirectory
SubDir
Targets
-
-
Target
eee.exe
-
Quasar payload
-
Suspicious use of SetThreadContext
-