General
-
Target
Client-built.exe
-
Size
3.1MB
-
Sample
240407-vwt7ssaa73
-
MD5
96bda7e2b90225a588674f3de228e620
-
SHA1
b891305ef12a32016f1a8f7b6fc442321a3e4d02
-
SHA256
143bbf5bac623e9042c4878583568b9a25688f82771e59c04ad6512fc1cf9941
-
SHA512
71d890bc461111ba74f19d3521eaf5b0afe0ef6008378648cabfdedad4245fe804dfa7665a4bca5567bcb8a8d9e955efefd93c413a9ee6a58a7c3d46a6c4e023
-
SSDEEP
49152:nviI22SsaNYfdPBldt698dBcjH5HCRyCAarzaoGdWTHHB72eh2NT:nvv22SsaNYfdPBldt6+dBcjHNXC0
Behavioral task
behavioral1
Sample
Client-built.exe
Resource
win7-20240221-en
Malware Config
Extracted
quasar
1.4.1
Office04
73.238.161.169:4782
6f2da1e0-0b1d-4489-8337-4b54f7842996
-
encryption_key
C3507C52E0A338AFEFD6D5EFFBE2D0543A9115C7
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
Client-built.exe
-
Quasar payload
-
Executes dropped EXE
-
Drops file in System32 directory
-