General
Target: 0ad767569575baeeba2c76169fe9389b805364dd3a71e5e8d818dea5a94acc50
Size: 6.0MB
Sample: 240501-treqwadb63
MD5: 4d05ea664b21ab95e888f456afa1a7a8
SHA1: b4ddeb5b9c83cd8ff02004f52751d1298212a37c
SHA256: 0ad767569575baeeba2c76169fe9389b805364dd3a71e5e8d818dea5a94acc50
SHA512: 05825d447257267ab9079f15f31565dc7bf88dc6293ccf9ca93bee67a63ef1a68ee29b5a54d33336a4864e326b90239fc34b13831e1243b1390a96f5214aad20
SSDEEP: 98304:aBDvEtGdg2pgJTJSCYLCWcpc2tlbWvKUeR+T8u0:aBDt9gJTXYGWcRtlivOA
Static task: static1
Behavioral task: behavioral1
Sample: 0ad767569575baeeba2c76169fe9389b805364dd3a71e5e8d818dea5a94acc50.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted
quasar
1.4.1
Office04
93.123.85.108:4782
e14b8f59-979b-4ebf-8602-dd3c4d6c301e
encryption_key: 534734397C0FA9A1D28F061AD75DF4100BFF5787
install_name: Msconfig.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: 0ad767569575baeeba2c76169fe9389b805364dd3a71e5e8d818dea5a94acc50
Quasar payload
Executes dropped EXE
Uses the VBS compiler for execution
Suspicious use of SetThreadContext