General
Target: Client-built.exe
Size: 3.1MB
Sample: 231231-3ycdrsahh4
MD5: 116a6e0ec7a9d2923e91031c299cae04
SHA1: abd8d030900d2a2065407881d209bfd9155ceda1
SHA256: 2161ac1f32f0aeb9b968e28924c52a5c77b06197275266fb7fcc7242523d614e
SHA512: 4a6ef9a62e32d7142022ed0047c6a36d1398925ee6280ff029693f1e65f4a19b263637c9a1f8086ceaece428a300cc391ef42ef98d9172405b74c005d1febc8c
SSDEEP: 49152:rvaI22SsaNYfdPBldt698dBcjHxaHKZzhBvJaIoGdoTHHB72eh2NT:rvX22SsaNYfdPBldt6+dBcjHVhR
Behavioral task: behavioral1
Sample: Client-built.exe
Resource: win10-20231215-en
Behavioral task: behavioral2
Sample: Client-built.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted
quasar
1.4.1
Office04
147.185.221.17:56251
c181eaca-58fb-484b-ba93-7a421f1c73df
encryption_key: FA61BB391485391FC63D1BCC330AC41C5A430E22
install_name: Client.exe
log_directory: Logs
reconnect_delay: 2000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Quasar payload
Executes dropped EXE