General
Static task: static1
URLScan task: urlscan1

Malware Config
Extracted
Family: quasar
Version: 1.4.1
Botnet: Opera
C2: 192.168.2.115:1162
Mutex: 38ed98b5-964f-4a70-a34b-b5a280e2a008
Attributes:
- encryption_key: 7A857EF3A3EB39AF399F1F3800FB9F842DC83C9E
- install_name: Client.exe
- log_directory: Logs
- reconnect_delay: 1
- startup_key: MicrosoftUpdate
- subdirectory: SubDir

Targets
Target: https://github.com/discord1ggWUFGKADF/Celex/blob/main/Zen9andCelex.exe
- Quasar payload
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2