General
Target: Gtag_spoofer-main.zip
Size: 1.2MB
Sample: 240421-bgdrqaeh29
MD5: f086c6467349c4020a4558c4bdb4dccf
SHA1: 46cef99dc385384d79286fb3afbdbab33013a020
SHA256: 361caae62a252ed7c2c8020dc16ab8dd73debaebbd528268b06b9172fb7e996b
SHA512: 7da2db05e300b7ea800d2575fb67560d5a4b68edc2c301d9773587848d6059ee18adf62b6ed87ebb660b46f00bdaf85040892fed892106c42c87cd98cf4a600e
SSDEEP: 24576:coKbu+H1Da3BsWDsb+x0Ri7KzTjZ/E+UXQdYKHNt72+D1gEwkMfR:coKbLHglmZsJNt+DRPMfR
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.0.53:4782
e1883fb9-6361-4406-b1f7-f82f80cbbe14
encryption_key: 863766762E363E1F1B41973F98B5594794BAAEC6
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: Gtag_spoofer-main/Gtagspoofer_1.4.7.exe
Size: 3.1MB
MD5: 5110076773db1352ac91ef673fef465f
SHA1: 415ee6c130d71942a7197642d1a4ae7efb637ea8
SHA256: 8575df8567eb8fbb7b07954de694590e07757edf2bfcf3b623b1df9790ce698d
SHA512: a9c081c768e3c72c8a8bfda715575e50a2a087e4dc1ec4e104bc761549af3c2fb5a3e9097c03bacec4940e6d7de65aa5a75dfc17ed784d4453f9de69e7ff2877
SSDEEP: 49152:rvyI22SsaNYfdPBldt698dBcjHS8x6EMk2k/JKPoGdDTHHB72eh2NT:rvf22SsaNYfdPBldt6+dBcjHS8xxi
Quasar payload
Executes dropped EXE