General
-
Target
MainBuild.exe
-
Size
3.1MB
-
Sample
240417-z1wnmsfd9y
-
MD5
3bbe6fc1601a30703de700e53c6f072f
-
SHA1
e59be8b17dde867d5dd52d563f6c115149f4473a
-
SHA256
96e859dad002f1e69e810c5f6ac60926f71a5ec03b4a7bde6cb9935f2927fbc3
-
SHA512
197a18f9d5d01cee50c160450b23e60b3a770e4140462b032efe44cfd9e9b2a6fa513ada7bef341624e20fd6760ca1e492de4fd2b359da660735dafc518c3ce0
-
SSDEEP
49152:Gvkt62XlaSFNWPjljiFa2RoUYIYxrEDkGk/JxfoGdOTHHB72eh2NT:Gv462XlaSFNWPjljiFXRoUYIYx31
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.56.1:4782
25d56285-d107-418c-8a2b-195563744f12
-
encryption_key
612E594137626EF1C1C6346882A826EBAFFC773E
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
System 32
-
subdirectory
SubDir
Targets
-
-
Target
MainBuild.exe
-
Size
3.1MB
-
MD5
3bbe6fc1601a30703de700e53c6f072f
-
SHA1
e59be8b17dde867d5dd52d563f6c115149f4473a
-
SHA256
96e859dad002f1e69e810c5f6ac60926f71a5ec03b4a7bde6cb9935f2927fbc3
-
SHA512
197a18f9d5d01cee50c160450b23e60b3a770e4140462b032efe44cfd9e9b2a6fa513ada7bef341624e20fd6760ca1e492de4fd2b359da660735dafc518c3ce0
-
SSDEEP
49152:Gvkt62XlaSFNWPjljiFa2RoUYIYxrEDkGk/JxfoGdOTHHB72eh2NT:Gv462XlaSFNWPjljiFXRoUYIYx31
-
Quasar payload
-
Executes dropped EXE
-