General

Target: Loki.zip
Size: 27.1MB
Sample: 240426-3tf66aee97
MD5: 4004691de83891280197c8e2afc533c6
SHA1: b5415376d2c5f6c4393df262326d547fa797c984
SHA256: 7426bfffbdfa22967e0d7570ba07fb0c821d0b65ba6aa159b3798906bf3846cc
SHA512: 1fc784e09a326b085a1ef15cebf9fe531e3edbbbaba179ec6bba1ba2ef3fd0028de742d21072fede224f5614b3b8a50ccd14bf1813072529e1aab64973a5b370
SSDEEP: 786432:XEyQ7j+e56WR4WJGL48fJKfV0cKCCBwIRMGV/sjGRD9XDoa:0yQH+e5NH4LTJ20vbBBRMGV/Nh9Ma
Behavioral task

behavioral1
Sample: Loki/install.exe
Resource: win7-20240221-en
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.0.102:4782
eac23e77-c75f-454e-844b-09c00c9fa1bc
encryption_key: E691C3454CA7E584A0CAEACC33DE2648D0070D50
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Client Startup
subdirectory: SubDir
Targets

Target: Loki/install.exe
Size: 3.1MB
MD5: 888ceac60d45c11a1a8da876c3555247
SHA1: e286dd46646036fbe529a4fed2ceff41f8f00e3f
SHA256: b862d153c5fe9106983a79821c87ab071bf9a7c2492ca378764533cd05784815
SHA512: daa02e6ae8fd9c17b25b93bfd5eec539a6bbc081dbbb0a5507dc9f0019838e83974f9b1b55981318af3c5e3445c3e754cb16a1a83f57e2cbf3115c34f1f3f34b
SSDEEP: 49152:yvFt62XlaSFNWPjljiFa2RoUYIiTIcEiOTk/fLoGd0THHB72eh2NT:yv362XlaSFNWPjljiFXRoUYIeIC

Quasar payload
Executes dropped EXE