General
-
Target
8d007eefc7a40e5db7c83d900b3522e68782cd8d8d7b02768c774412b847ce6f
-
Size
2.0MB
-
Sample
240402-h535vabc86
-
MD5
6c070805d0f04cc04cbabcf5c1e243df
-
SHA1
b4668ac9d9d4b64a4d9b9c3615a2bccebf408b75
-
SHA256
8d007eefc7a40e5db7c83d900b3522e68782cd8d8d7b02768c774412b847ce6f
-
SHA512
80914cbbd3fe3bd94f1ad48a92f0adb75291817cd2993e428df9da306bbf305773d64188b79c60a0ade1383b7f7c2f87af29bbef4e7a6f2695cee602fca5da39
-
SSDEEP
12288:ZCxv4m9vTKp5CU+b1GQ7wywPRQVZOZsNoo/zbMXQTGcCsqB9SNOuAxAEUV9l+:O5TKeU+wQ7wyuRaZEuG3q2IV9l
Static task
static1
Behavioral task
behavioral1
Sample
8d007eefc7a40e5db7c83d900b3522e68782cd8d8d7b02768c774412b847ce6f.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
quasar
1.4.1
Office04
45.88.186.209:4782
e70efcae-9ec5-4682-aa19-15651d4d8cc8
-
encryption_key
4EF1547B5DB5058DCCEB6A60D48A54C35026D8D5
-
install_name
gfhgfgjgf.exe
-
log_directory
dfdfsf
-
reconnect_delay
3000
-
startup_key
hgfhjjhgj
-
subdirectory
ghghghfg
Targets
-
-
Target
8d007eefc7a40e5db7c83d900b3522e68782cd8d8d7b02768c774412b847ce6f
-
Detect ZGRat V1
-
Quasar payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-