General
-
Target
Client-built.exe
-
Size
3.1MB
-
Sample
240406-zm4gbsaf3x
-
MD5
41860d50841fb6ad3341497300684215
-
SHA1
40eb43dd467cf118288faea23196f0a13e652c35
-
SHA256
102b5df01e1c2e08c38dafb39871accbd9330f8486472482d90281705e889432
-
SHA512
d8a127d4318796c2cb96c104e1e65b113ea3b3708af4a083e99c54472997e50d9c17341c05bf53d011e5215da4b31ef418212d19a5f2d42efcc6adc525f965c8
-
SSDEEP
49152:rv2I22SsaNYfdPBldt698dBcjH/x28mzQUoGd108uTHHB72eh2NT:rvb22SsaNYfdPBldt6+dBcjH/x2xq
Malware Config
Extracted
quasar
1.4.1
Office04
wasted9sss1-54777.portmap.io:4782
58d5349c-f008-4af6-b8bf-469d2569c61b
-
encryption_key
517C077DB1E3D3485387F0B31BBF986E71312477
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
system32
-
subdirectory
SubDir
Targets
-
-
Target
Client-built.exe
-
Quasar payload
-
Executes dropped EXE
-