General
-
Target
Client-built.exe
-
Size
3.1MB
-
Sample
240425-vav7zach45
-
MD5
b562aa20ac8830c5573e6251e756b413
-
SHA1
fc2ffa2c1cf75f6bc9a49b50f80e7903778f5511
-
SHA256
e69fe746cdcd081f7dda3d507a3d0ea706c421e6857e138f7880ade96a9c03de
-
SHA512
be02f217ff67d29ee3e26ad2eec0dd4468009c05f123ca0e98cf77f850ea85d40165f38626b437d64afad923ee2d46499f2efb3654b6c7d8e49406967195b78e
-
SSDEEP
49152:ovRL82kyaNnwxPlllSWxc9LpQXwvRJ6CbR3LoGdqTHHB72eh2NT:ovJ82kyaNnwxPlllSWa9LpQXwvRJ68
Malware Config
Extracted
quasar
1.4.1
Office04
Enslotheya2-61094.portmap.host:4782
Enslotheya2-61094.portmap.host:46201
193.161.193.99:4782
193.161.193.99:61094
193.161.193.99:46201
8ea6b073-ee8d-4f7f-8fba-1e280e616d24
-
encryption_key
74E1B4AC3CD2ECB5E4C2870E4E135FA00D21CA8C
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
Client-built.exe
-
Quasar payload
-