General
Target: 295f0a57a5e69b701359a80ed15ab338
Size: 435KB
Sample: 231231-fsf4faccc2
MD5: 295f0a57a5e69b701359a80ed15ab338
SHA1: 9ea6a935e70bcdd864c882afb056c9a046389a05
SHA256: d366619e696013333ed98b3aa03567638e56286ded05fb34da197481fa4d89fe
SHA512: 9fb8d61630780a5079d1bc647818bd0d9b707955e1428e3518333eb0213d7dcc1e28a8156c1845b90e6bf7b0f1cdad7870ddb6ed160c8ee04f2be9cdec22b56e
SSDEEP: 12288:IHn2eF7god+QEy5xV1EiQZbGx09L8CkMTOZ2:xwg1QEy5xV1xqMMT
Static task: static1
Behavioral task: behavioral1
  Sample: 295f0a57a5e69b701359a80ed15ab338.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 295f0a57a5e69b701359a80ed15ab338.exe
  Resource: win10v2004-20231222-en
Malware Config
Extracted
Family: quasar
Version: 1.4.0
Botnet: Office04
C2: cinyk.duckdns.org:200
Mutex: f0588063-425c-49b3-90a0-146445b72227
encryption_key: 03C79A7567CE54D0A1A215C4304C453535311F0C
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Java Updater x64
subdirectory: SubDir
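Added example (not part of the sandbox report): a Python script that parses the raw one-field-per-line export of the block above into a dictionary, validates the file hashes and the ssdeep signature, and derives host and network indicators from the Quasar settings. The positional meaning of the first five lines (family, version, botnet tag, C2, mutex), the dynamic-DNS suffix list, and the interpretation of reconnect_delay as milliseconds are assumptions; the sample input is constructed from the values on this page.

```python
"""Turn an extracted Quasar config block into structured IOCs (added example)."""
import re
from typing import Dict, List, Tuple

# Constructed input: the report's one-field-per-line export, '-' between fields.
SAMPLE_CONFIG = """\
Extracted
quasar
1.4.0
Office04
cinyk.duckdns.org:200
f0588063-425c-49b3-90a0-146445b72227
-
encryption_key
03C79A7567CE54D0A1A215C4304C453535311F0C
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Java Updater x64
-
subdirectory
SubDir
"""

# Constructed from the report's hash block.
SAMPLE_HASHES = {
    "md5": "295f0a57a5e69b701359a80ed15ab338",
    "sha1": "9ea6a935e70bcdd864c882afb056c9a046389a05",
    "sha256": "d366619e696013333ed98b3aa03567638e56286ded05fb34da197481fa4d89fe",
}
HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
# Assumed heuristic list of dynamic-DNS suffixes worth flagging in a C2 host.
DDNS_SUFFIXES = ("duckdns.org", "no-ip.org", "ddns.net")
GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def parse_config(text: str) -> Dict[str, str]:
    """Five positional lines after 'Extracted' (assumed order), then key/value pairs."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    start = lines.index("Extracted") + 1
    positional = ["family", "version", "botnet", "c2", "mutex"]
    cfg = dict(zip(positional, lines[start:start + len(positional)]))
    rest = [ln for ln in lines[start + len(positional):] if ln != "-"]
    if len(rest) % 2:
        raise ValueError("dangling key without value in config block")
    cfg.update(zip(rest[0::2], rest[1::2]))
    return cfg


def split_c2(c2: str) -> Tuple[str, int]:
    """'host:port' -> (host, port); rejects ports outside 1..65535."""
    host, _, port = c2.rpartition(":")
    if not host or not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"malformed C2 endpoint: {c2!r}")
    return host, int(port)


def is_hex_of_length(value: str, length: int) -> bool:
    return re.fullmatch(r"[0-9a-fA-F]{%d}" % length, value) is not None


def check_hashes(hashes: Dict[str, str]) -> List[str]:
    """Names of hashes with the wrong length or alphabet (empty list means all look sane)."""
    return [n for n, v in hashes.items() if not is_hex_of_length(v, HEX_LENGTHS[n])]


def parse_ssdeep(sig: str) -> Tuple[int, str, str]:
    """Split 'blocksize:chunk:double_chunk'; ssdeep block sizes are 3 * 2^n."""
    blocksize, chunk, double = sig.split(":", 2)
    bs = int(blocksize)
    if bs < 3 or bs % 3 or (bs // 3) & (bs // 3 - 1):
        raise ValueError(f"invalid ssdeep block size {bs}")
    return bs, chunk, double


def lint_config(cfg: Dict[str, str]) -> List[str]:
    """Flag fields that do not look like the values Quasar configs carry (catches extraction damage)."""
    problems = []
    if not is_hex_of_length(cfg.get("encryption_key", ""), 40):
        problems.append("encryption_key is not 40 hex characters")
    if not cfg.get("reconnect_delay", "").isdigit():
        problems.append("reconnect_delay is not an integer (assumed milliseconds)")
    if not GUID_RE.fullmatch(cfg.get("mutex", "")):
        problems.append("mutex is not a GUID")
    return problems


def build_iocs(cfg: Dict[str, str]) -> List[Dict[str, str]]:
    """Derive network- and host-level indicators from the parsed config."""
    host, port = split_c2(cfg["c2"])
    return [
        {"type": "domain", "value": host,
         "note": "dynamic DNS" if host.endswith(DDNS_SUFFIXES) else ""},
        {"type": "port", "value": str(port), "note": "Quasar C2 TCP port"},
        {"type": "mutex", "value": cfg["mutex"], "note": "client instance mutex"},
        {"type": "registry_value_name", "value": cfg["startup_key"],
         "note": "autorun value name (startup_key)"},
        # Base install directory is chosen at build time and is not shown in the report.
        {"type": "file_path_suffix",
         "value": f"{cfg['subdirectory']}\\{cfg['install_name']}", "note": "dropped client"},
    ]


if __name__ == "__main__":
    parsed = parse_config(SAMPLE_CONFIG)
    print(lint_config(parsed), check_hashes(SAMPLE_HASHES))
    for ioc in build_iocs(parsed):
        print(ioc)
```

The lint step matters on pages like this one: a truncated hash or a mutex that lost a hyphen in extraction would otherwise flow straight into a blocklist.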
Targets
Target: 295f0a57a5e69b701359a80ed15ab338
Size: 435KB
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Quasar payload
- Drops file in System32 directory
- Suspicious use of SetThreadContext