General
-
Target
745a69ac20dbb2482e7512bbc14950fa41bf78dbd0a5afda0396c8d897b50002
-
Size
3.1MB
-
Sample
240408-2dpb6aha41
-
MD5
ed8542b4688d70d42d77fad98e5969b0
-
SHA1
808666505eeca15e9a7a15b95ff439497a9f1dcf
-
SHA256
745a69ac20dbb2482e7512bbc14950fa41bf78dbd0a5afda0396c8d897b50002
-
SHA512
72fc0930a4e51eb7a7b76bac97c64c9bb8e8fe30a406b294a824ecc721677c212d409368a6bca595b0ee82449d80cf7c09f4a063bbe7ee47ebcba30c5c3b6a45
-
SSDEEP
49152:KvyI22SsaNYfdPBldt698dBcjH672lSt3oGdITHHB72eh2NT:Kvf22SsaNYfdPBldt6+dBcjH62lS9
Behavioral task
behavioral1
Sample
745a69ac20dbb2482e7512bbc14950fa41bf78dbd0a5afda0396c8d897b50002.exe
Resource
win7-20240221-en
Malware Config
Extracted
quasar
1.4.1
Office04
10.127.0.54:4782
76898c6c-aad7-493e-ad05-6bb072bc1ab9
-
encryption_key
E0AA33A7353AC58B6995079C718A83EE5609573D
-
install_name
Twrek.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
745a69ac20dbb2482e7512bbc14950fa41bf78dbd0a5afda0396c8d897b50002
-
Size
3.1MB
-
MD5
ed8542b4688d70d42d77fad98e5969b0
-
SHA1
808666505eeca15e9a7a15b95ff439497a9f1dcf
-
SHA256
745a69ac20dbb2482e7512bbc14950fa41bf78dbd0a5afda0396c8d897b50002
-
SHA512
72fc0930a4e51eb7a7b76bac97c64c9bb8e8fe30a406b294a824ecc721677c212d409368a6bca595b0ee82449d80cf7c09f4a063bbe7ee47ebcba30c5c3b6a45
-
SSDEEP
49152:KvyI22SsaNYfdPBldt698dBcjH672lSt3oGdITHHB72eh2NT:Kvf22SsaNYfdPBldt6+dBcjH62lS9
-
Quasar payload
-
Detects Windows executables referencing non-Windows User-Agents
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables containing common artifacts observed in infostealers
-
Executes dropped EXE
-