General
Target: 5ac4db28729ef274c94e5a65ea6f2900be893f63d3b984a7ba27cc83a2c54e1b.exe
Size: 3.1MB
Sample: 240401-bhnnbahf22
MD5: caddfe2adb6d8c878a2a1001e7fd4fd7
SHA1: 6d4b54d81a061efc4a1562d3adae524a22d158df
SHA256: 5ac4db28729ef274c94e5a65ea6f2900be893f63d3b984a7ba27cc83a2c54e1b
SHA512: 1aa011a1be34baa824468af55317c66cf78abc36883075cb3388a0631db512c97d05b0b9ab2a6ee9f93bfe3a276fd557eab07d5653a02b5eb67eb3f62870a405
SSDEEP: 49152:mvkt62XlaSFNWPjljiFa2RoUYIQaDkE2Hok/+FtoGdRSTHHB72eh2NT:mv462XlaSFNWPjljiFXRoUYIQaD5T
Behavioral task
behavioral1
Sample: 5ac4db28729ef274c94e5a65ea6f2900be893f63d3b984a7ba27cc83a2c54e1b.exe
Resource: win7-20240221-en
Malware Config
Extracted
quasar
1.4.1
Office04
185.196.10.233:4782
a244256d-314d-4857-83fe-790ac24d7897
encryption_key: 0EC03133971030F6D05E6D59F71626F6543BBE65
install_name: gfdgfdg.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: fgfdhdgg
subdirectory: gfgfgf
Targets
Target: 5ac4db28729ef274c94e5a65ea6f2900be893f63d3b984a7ba27cc83a2c54e1b.exe
Quasar payload
Detects Windows executables referencing non-Windows User-Agents
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
Detects executables containing common artifacts observed in infostealers
Executes dropped EXE