General
-
Target
Rat Test.exe
-
Size
3.1MB
-
Sample
240424-nw632ahd7t
-
MD5
6446362a318368f69eef5c9fa574342b
-
SHA1
7ccbd79c497284e8a52453e0c174cbfd8c95978d
-
SHA256
24e41c8778a0250d566ca9ddd6aeb487f76f3cbb42d06178dba75d1cc18e2746
-
SHA512
a584e29648c2cd67e4ea143e8e00fc44c38af0903fcf183c5e8071eca02331921453a34b6cef38c03ef4e822331e9b7fbe6bd8be2c1796845b352a7c1a9fe470
-
SSDEEP
49152:OvyI22SsaNYfdPBldt698dBcjHd2XRJ6DbR3LoGdqTHHB72eh2NT:Ovf22SsaNYfdPBldt6+dBcjHd2XRJ61
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.174.1:4782
b7c44e7e-eda8-49c1-881f-dff3c8b1d0c9
-
encryption_key
CA9FF4F38A1F1118F7C85C31CA91417B492B6C09
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
Rat Test.exe
-
Quasar payload
-
Executes dropped EXE
-