General
Target: svchost.bin
Size: 3.1MB
Sample: 240412-y768aaeb73
MD5: 0f9c30a5bae6e31c8a8eb2ceecdc57be
SHA1: fff94805376677c20a6495bbfa8bbf4e22b72277
SHA256: 08d7a3818950ed7200506f8e369605fddc175d992dae57e27c03131ef73481d3
SHA512: ee53d249edd26a4735f9ce628ebaa729aa5f776e6bec287f3e27a6181555f0d65237ab840caad3e0ea7e2bdb612e7e51a5057d91e8a1dc7b105e86f9c04ad88d
SSDEEP: 49152:Wvht62XlaSFNWPjljiFa2RoUYIJLkeC44IoGdfwTHHB72eh2NT:WvL62XlaSFNWPjljiFXRoUYIJLk2
Behavioral task
behavioral1
Sample: svchost.exe
Resource: win7-20240221-en
Malware Config
Extracted
quasar
1.4.1
TEST
64.112.85.15:3888
bc7bd322-2843-4c14-9d59-eb5260299fbd
encryption_key: 37DB0F5F6C23E583A7D14087DBDBB165213AD75B
install_name: svchosts.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Update
subdirectory: SubDir
Targets
Target: svchost.bin
Quasar payload
Executes dropped EXE