General
-
Target
Client-built.exe
-
Size
3.1MB
-
Sample
240325-ss54saee21
-
MD5
822e048463d403ce46d088632c7cde79
-
SHA1
3a0163ddc68971a0b6d320bfaaa5f822f9f72723
-
SHA256
0d9c35b3d2445b75ac03e8262eaf8e3d33bbff847117c258e7e9004a939f98ac
-
SHA512
153cf9fb14000c5fffe63d2e53d476afa7e9aa1093dec48b4bb916bfd60bdb5073560defaa008b233531e7144931b0a13f01fd733884adb7b7c849b5758a7b94
-
SSDEEP
49152:evBt62XlaSFNWPjljiFa2RoUYIBFqJaBxFroGdrTHHB72eh2NT:evr62XlaSFNWPjljiFXRoUYIBgJk
Behavioral task
behavioral1
Sample
Client-built.exe
Resource
win7-20240221-en
Malware Config
Extracted
quasar
1.4.1
test
192.168.1.42:4444
4b03e5df-6c5c-4839-9fd6-36ef4d0ed7a7
-
encryption_key
D005DC9DC709AD88D212092A2FA8D08A138AAA86
-
install_name
winreset.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Update
-
subdirectory
Boot
Targets
-
-
Target
Client-built.exe
-
Quasar payload
-
Drops file in System32 directory
-