General
-
Target
httpsgofile.iodntQlho.txt
-
Size
26B
-
Sample
240520-rfk3eadb77
-
MD5
beb4937bff161601f6e59c168205d2da
-
SHA1
c26f4c5c7334eb6184d08adbacbb8fb6a8653ab4
-
SHA256
215d09d1793ed0f9da71484b97fb12b7d40b0fc0cb5f509e037ed721760c9d96
-
SHA512
16ab09407a5af59545ef8defb651b13572987bbcfb4fd87fef2de24d977ab3c6e8b7d83e83cb8247fae050724ecea880637b57b2dcc6164279207478b35f4eb5
Static task
static1
Malware Config
Extracted
quasar
1.4.1
Office04
191.101.209.39:4782
f00c7ad6-aca4-4fa5-9b92-3a0bdaf90105
-
encryption_key
8F08986A76A43D6215CF6C495B5B1B45D9B0B3D1
-
install_name
Celex.exe
-
log_directory
Logs
-
reconnect_delay
2929
-
startup_key
Windows
-
subdirectory
SubDir
Targets
-
-
Target
httpsgofile.iodntQlho.txt
-
Size
26B
-
MD5
beb4937bff161601f6e59c168205d2da
-
SHA1
c26f4c5c7334eb6184d08adbacbb8fb6a8653ab4
-
SHA256
215d09d1793ed0f9da71484b97fb12b7d40b0fc0cb5f509e037ed721760c9d96
-
SHA512
16ab09407a5af59545ef8defb651b13572987bbcfb4fd87fef2de24d977ab3c6e8b7d83e83cb8247fae050724ecea880637b57b2dcc6164279207478b35f4eb5
-
Quasar payload
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-