General
Target: SS.exe
Size: 3.2MB
Sample: 240523-ey155adf5t
MD5: a4263aed426b47b7c69c8471cae4c70c
SHA1: b073f02e9f6b678e3d96051d2650a4e05b2bf495
SHA256: 0e7838c047bec0c9e0ff37ea27710ed13b2e98b8a53a88412cc3e48e40f77c34
SHA512: 3c3a52f58f4ad0a24259c4795d1e88d8f351e22a2d669f7865c129517c3b1cc8aefc1b47b7addd0d55659c0f952ae96a081839f0331e550911f00ee40d6b09ac
SSDEEP: 49152:EvkI22SsaNYfdPBldt698dBcjHmpRJ6SbR3LoGd9qTHHB72eh2NT:EvJ22SsaNYfdPBldt6+dBcjHmpRJ6Mt
Malware Config
Extracted
quasar
1.4.1
CCS
192.34.131.34:4782
c744c156-36e3-44bc-93ce-687989e40591
encryption_key: 1CC648F6A0064334E8932D119FA24AEA676ED25C
install_name: Candy Crush Saga.exe
log_directory: Logs
reconnect_delay: 0
startup_key: Candy Crush
subdirectory: Candy Crush
Targets
Target: SS.exe
Quasar payload
Executes dropped EXE