General
-
Target
Client-built.exe
-
Size
3.1MB
-
Sample
240407-v71hysad45
-
MD5
3169d3f34b2ce9d94a1bcb0e9ae48600
-
SHA1
ffec6c71b6c2213be5c4745807de1aedd6a90f20
-
SHA256
e30519495fc30aca7d914b0628fb21dd89f482856a9bbc70c62d2dbcf18d11b7
-
SHA512
468f5db3cdf3a7a2870a6f78956f80b494520c2d8a589895794f4a5d7c7ea9feb262b7f5466933e8995eb2ddd8e92b72d7fe61f9afa4d89681e24840fc729860
-
SSDEEP
49152:WvbI22SsaNYfdPBldt698dBcjHp7qx57Gek/DBoGifUaTHHB72eh2NT:Wvk22SsaNYfdPBldt6+dBcjHxqE
Behavioral task
behavioral1
Sample
Client-built.exe
Resource
win7-20240215-en
Malware Config
Extracted
quasar
1.4.1
Office04
x.tcp.ngrok.io:16096
755f883f-4d58-4349-bc9e-f21c4e163b6f
-
encryption_key
EE65D8F2E429F4900E3A17963595716D863A2455
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
Client-built.exe
-
Size
3.1MB
-
MD5
3169d3f34b2ce9d94a1bcb0e9ae48600
-
SHA1
ffec6c71b6c2213be5c4745807de1aedd6a90f20
-
SHA256
e30519495fc30aca7d914b0628fb21dd89f482856a9bbc70c62d2dbcf18d11b7
-
SHA512
468f5db3cdf3a7a2870a6f78956f80b494520c2d8a589895794f4a5d7c7ea9feb262b7f5466933e8995eb2ddd8e92b72d7fe61f9afa4d89681e24840fc729860
-
SSDEEP
49152:WvbI22SsaNYfdPBldt698dBcjHp7qx57Gek/DBoGifUaTHHB72eh2NT:Wvk22SsaNYfdPBldt6+dBcjHxqE
-
Quasar payload
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-