General
Target: Client-built.exe
Size: 3.1MB
Sample: 240407-hvjcpaga76
MD5: 611c00289362a3dc272247f674bc65a4
SHA1: 22cc41462ae01f9c1ef6798c81b9171142c3c478
SHA256: 3309e317ee90f72e3ea2da41be5462ff078b673f5b3e622f953197b9dfd313af
SHA512: 14df276ff86b91349a5f63370b4a8895664e5a617057888a20f0739007db8875209df305afc350477828dd4bf04067ea8211dd8c45525d4e34060fc3e302d9ee
SSDEEP: 49152:XvVG42pda6D+/PjlLOlg6yQipVbZNP/oGdawATHHB72eh2NT:XvM42pda6D+/PjlLOlZyQipVbZN3t
Behavioral task
behavioral1
Sample: Client-built.exe
Resource: win7-20240221-en
Malware Config
Extracted
quasar
1.4.1
Office04
predictor.serveblog.net:4782
192.168.1.102:4782
755f883f-4d58-4349-bc9e-f21c4e163b6f
encryption_key: EE65D8F2E429F4900E3A17963595716D863A2455
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target
Client-built.exe
-
Quasar payload
-
Executes dropped EXE
-