General
Target: https://gofile.io/d/bCs7LR
Sample: 240423-qkdnfsgf58
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://gofile.io/d/bCs7LR
Resource: win10v2004-20240412-en
windows10-2004-x64
18 signatures
150 seconds
Malware Config
Extracted
Family: quasar
Version: 1.4.1
Botnet: Office04
C2: 6.tcp.ngrok.io:16799
Mutex: 0c20af10-1b0a-4d0e-bbca-3718ee39e827
Attributes
encryption_key: 284202D1B7ED732612BB54048953C4453A2549F9
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: System32
subdirectory: SubDir
Targets
Target: https://gofile.io/d/bCs7LR
Quasar payload
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2