General
- Target: WinformCrack.exe
- Size: 3.1MB
- Sample: 240323-xj1j6ade3s
- MD5: a64821e6d15cdc5f778e2d75a843a988
- SHA1: 653c50d75df7da8035bbbdb45a6744f007846f98
- SHA256: c89e271601f509d5ab240913749a9bf28523dce349f13c59e648877d7a80b1b3
- SHA512: b29df36bf61c5926bf7fb881e706400f4ac830287a6a1af5102497c474c4664dc9573aa2cc5a55a0a67bf8bc473b0924cc515ed605304e815d95437e6912ab60
- SSDEEP: 49152:WviI22SsaNYfdPBldt698dBcjH8iRJ65bR3LoGdjTHHB72eh2NT:Wvv22SsaNYfdPBldt6+dBcjH8iRJ67
Behavioral task
- behavioral1
  - Sample: WinformCrack.exe
  - Resource: win7-20240221-en
Malware Config
- Extracted
  - quasar
  - 1.4.1
  - Slave
  - 140.238.91.110:34353
  - 25ab9d56-6ef2-47d3-99aa-2142fbcd41fa
  - encryption_key: 8E710985199C6BF86CCE90DA92448A36E2F45F51
  - install_name: XWormV5.6.exe
  - log_directory: WindowsUPDLogs
  - reconnect_delay: 3000
  - startup_key: Windows BIOS Update Checker
  - subdirectory: SubDir
Targets
- Target: WinformCrack.exe
  - Size: 3.1MB
  - MD5: a64821e6d15cdc5f778e2d75a843a988
  - SHA1: 653c50d75df7da8035bbbdb45a6744f007846f98
  - SHA256: c89e271601f509d5ab240913749a9bf28523dce349f13c59e648877d7a80b1b3
  - SHA512: b29df36bf61c5926bf7fb881e706400f4ac830287a6a1af5102497c474c4664dc9573aa2cc5a55a0a67bf8bc473b0924cc515ed605304e815d95437e6912ab60
  - SSDEEP: 49152:WviI22SsaNYfdPBldt698dBcjH8iRJ65bR3LoGdjTHHB72eh2NT:Wvv22SsaNYfdPBldt6+dBcjH8iRJ67
  - Quasar payload
  - Executes dropped EXE
  - Drops file in System32 directory