General
-
Target
9e1276a64065335038649c9c55137633d4b02b0a3d564635f621f41b5890b326
-
Size
3.1MB
-
Sample
240417-cmmr9aba33
-
MD5
e9633057e16f92098ddc3a798feeaff2
-
SHA1
3923362ecc24bbc6c61eda73caecaccb83511573
-
SHA256
9e1276a64065335038649c9c55137633d4b02b0a3d564635f621f41b5890b326
-
SHA512
48b60794cf45127452de0b69f9275de62243e3ef5c7f65b7c7f0701d1cbc91b1fe1e6e7b8f5d543298ab88692210e60ca50b0b88f2d4221c3d7190eb0aaeb3a9
-
SSDEEP
49152:3vrI22SsaNYfdPBldt698dBcjHXXo8dpDVoGdi5THHB72eh2NT:3vU22SsaNYfdPBldt6+dBcjHnoe
Behavioral task
behavioral1
Sample
9e1276a64065335038649c9c55137633d4b02b0a3d564635f621f41b5890b326.exe
Resource
win7-20240221-en
Malware Config
Extracted
quasar
1.4.1
Office04
LunasLove-64385.portmap.host:64385
508f4b75-ce7c-432c-b5a7-7763b93b6ac5
-
encryption_key
76EBDC42E51E79D0A828180D2490940F63BFFF8C
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
WindowsClient
-
subdirectory
SubDir
Targets
-
-
Target
9e1276a64065335038649c9c55137633d4b02b0a3d564635f621f41b5890b326
-
Size
3.1MB
-
MD5
e9633057e16f92098ddc3a798feeaff2
-
SHA1
3923362ecc24bbc6c61eda73caecaccb83511573
-
SHA256
9e1276a64065335038649c9c55137633d4b02b0a3d564635f621f41b5890b326
-
SHA512
48b60794cf45127452de0b69f9275de62243e3ef5c7f65b7c7f0701d1cbc91b1fe1e6e7b8f5d543298ab88692210e60ca50b0b88f2d4221c3d7190eb0aaeb3a9
-
SSDEEP
49152:3vrI22SsaNYfdPBldt698dBcjHXXo8dpDVoGdi5THHB72eh2NT:3vU22SsaNYfdPBldt6+dBcjHnoe
-
Quasar payload
-
Detects Windows executables referencing non-Windows User-Agents
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables containing common artifacts observed in infostealers
-
Executes dropped EXE
-