General
-
Target
Client-built.exe
-
Size
3.1MB
-
Sample
240325-spjrdabe74
-
MD5
2c452681aaf7e08b26eec0c3e5778bd2
-
SHA1
f9a3d4ad1b623f2f52ff60a51c35f5a6817c12f2
-
SHA256
acaa51b406aa9cef4c6ac4d6d57b91b0dd2d07a9f6333b69e742796a367ff010
-
SHA512
c321ff90d512b067ea2c617a07224b6756092318ef3d3175d0c1a00eaa7b9a0cc6976314e00fce4ebec9877d8c4ca8ade23d51e003d3f28317702c57b0541384
-
SSDEEP
49152:evBt62XlaSFNWPjljiFa2RoUYI31LBrTMfxdoGdalTHHB72eh2NT:evr62XlaSFNWPjljiFXRoUYI35BrCq
Behavioral task
behavioral1
Sample
Client-built.exe
Resource
win7-20240221-en
Malware Config
Extracted
quasar
1.4.1
test
192.168.1.42:4782
95ad66d9-3637-453f-943d-33d2a2c49feb
-
encryption_key
3A52ADE42ED9473E5578959627082144C8887BFE
-
install_name
winreset.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Discord
-
subdirectory
Boot
Targets
-
-
Target
Client-built.exe
-
Quasar payload
-
Drops file in System32 directory
-