General
-
Target
Client-built.exe
-
Size
3.1MB
-
Sample
240407-wbdjzsab2t
-
MD5
293e5793dea329af168463e35950c84a
-
SHA1
790fb958938ab09415b8c61deb0d164a24dad596
-
SHA256
eddbc56dadb4921c99e30d4637b61238b6b2188b5db86f47bc720cbbb5b15bc7
-
SHA512
0b5cd07cb0f8aa1a74a864c737d4447c0bd370cbbfe07d3014c2ec7a355bae5df84674238d105396a30dc37c0c0606870d0dc4f69f1068c849ceb72cae0c39a7
-
SSDEEP
49152:rvbI22SsaNYfdPBldt698dBcjHZNp+oGdDkTHHB72eh2NT:rvk22SsaNYfdPBldt6+dBcjHZNU
Behavioral task
behavioral1
Sample
Client-built.exe
Resource
win7-20231129-en
Malware Config
Extracted
quasar
1.4.1
Office04
2.tcp.eu.ngrok.io:16096
755f883f-4d58-4349-bc9e-f21c4e163b6f
-
encryption_key
EE65D8F2E429F4900E3A17963595716D863A2455
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
Client-built.exe
-
Size
3.1MB
-
MD5
293e5793dea329af168463e35950c84a
-
SHA1
790fb958938ab09415b8c61deb0d164a24dad596
-
SHA256
eddbc56dadb4921c99e30d4637b61238b6b2188b5db86f47bc720cbbb5b15bc7
-
SHA512
0b5cd07cb0f8aa1a74a864c737d4447c0bd370cbbfe07d3014c2ec7a355bae5df84674238d105396a30dc37c0c0606870d0dc4f69f1068c849ceb72cae0c39a7
-
SSDEEP
49152:rvbI22SsaNYfdPBldt698dBcjHZNp+oGdDkTHHB72eh2NT:rvk22SsaNYfdPBldt6+dBcjHZNU
-
Quasar payload
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-