General
-
Target
disneyclient.exe
-
Size
3.6MB
-
Sample
240329-vtlgwadc91
-
MD5
cef7d0722f455b8875fa1859a2533f14
-
SHA1
b1c45fa8f4f36e314099b32f64f1f72304a836ac
-
SHA256
3462988bac3c4590a31be348acd1a494cd6c66759cd794685f05a89e602b49bd
-
SHA512
7a36a74b8fda00e5959f9951a837c99fe1945e8782fd3ff2a2ed24351424a49bd90841ac7056e85b17f8a7723590aa8a8581106bedcbc2cdf5d72f00e80b9f00
-
SSDEEP
98304:4ZsVXA1ZKfbldHiU+FoLgk88IrBPwgLl4:UseGjnztgL
Static task
static1
Malware Config
Extracted
quasar
1.4.1
RAT
51.178.39.226:4782
51.178.39.226:6606
3dbbdd7b-5d37-4992-809f-8e9a09dc9e8a
-
encryption_key
0114248F10A48FFAB2A971FCD42D277259B1A6C4
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
vdst
-
subdirectory
SubDir
Targets
-
-
Target
disneyclient.exe
-
Size
3.6MB
-
MD5
cef7d0722f455b8875fa1859a2533f14
-
SHA1
b1c45fa8f4f36e314099b32f64f1f72304a836ac
-
SHA256
3462988bac3c4590a31be348acd1a494cd6c66759cd794685f05a89e602b49bd
-
SHA512
7a36a74b8fda00e5959f9951a837c99fe1945e8782fd3ff2a2ed24351424a49bd90841ac7056e85b17f8a7723590aa8a8581106bedcbc2cdf5d72f00e80b9f00
-
SSDEEP
98304:4ZsVXA1ZKfbldHiU+FoLgk88IrBPwgLl4:UseGjnztgL
-
Quasar payload
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-