General
-
Target
sigmasONLY.bat
-
Size
5.1MB
-
Sample
240323-ysm6vsbg69
-
MD5
eaa6da6a36813d4da050b9cc92dab315
-
SHA1
c89c0f709987f5af6afb6b64eae3fa790778b7aa
-
SHA256
b7bc5197f132e8d9af92fe636dc07d578327985c5509bd781093dbeee02cb856
-
SHA512
d318b9434ed05ba8b1527c9a1d01f323a983f1fef03ef4413761d93e79ba6708f0ff17ce8b32f4c31126e97aa846e849d50a2d644ee0ab760a28eba2ba522617
-
SSDEEP
24576:EccksZhAsxYu9bEUt4Qa1CFQa5Z4tp5ljbjvGr2BBgfretKRxMp+hrQB0eJM2a8M:xSbESV0MFJnzNFverHKN1
Static task
static1
Behavioral task
behavioral1
Sample
sigmasONLY.bat
Resource
win7-20240221-en
Malware Config
Extracted
quasar
1.4.1
Slave
140.238.91.110:36305
f4720af1-0ef3-414f-b170-e837e2727049
-
encryption_key
52EF528D690A6F47ED9D8BD4A80E69CBE28EDC0A
-
install_name
WOS64.exe
-
log_directory
Windows Error Logs
-
reconnect_delay
3000
-
startup_key
svchost
-
subdirectory
SubDir
Targets
-
-
Target
sigmasONLY.bat
-
Size
5.1MB
-
MD5
eaa6da6a36813d4da050b9cc92dab315
-
SHA1
c89c0f709987f5af6afb6b64eae3fa790778b7aa
-
SHA256
b7bc5197f132e8d9af92fe636dc07d578327985c5509bd781093dbeee02cb856
-
SHA512
d318b9434ed05ba8b1527c9a1d01f323a983f1fef03ef4413761d93e79ba6708f0ff17ce8b32f4c31126e97aa846e849d50a2d644ee0ab760a28eba2ba522617
-
SSDEEP
24576:EccksZhAsxYu9bEUt4Qa1CFQa5Z4tp5ljbjvGr2BBgfretKRxMp+hrQB0eJM2a8M:xSbESV0MFJnzNFverHKN1
-
Quasar payload
-
Executes dropped EXE
-