General
-
Target
client.exe
-
Size
3.1MB
-
Sample
240525-bwy17sab45
-
MD5
4dfff8420e0d2f3a0e30a3ae8e005830
-
SHA1
379546834fa347bdcf6a4aa1a9d956b540d33b55
-
SHA256
7869d203ee2ffc4d75d4d542cc2e3a970ca249d675e8bc7bd4f9cc85c80cab69
-
SHA512
6f4de859019a9ed236f6ddcbb03737c9e643368ae74fea3b36f7254a1b691448fb5f5befe4997554ed96f099309908f6b0a42d46161d3727d07620b1ecca94cb
-
SSDEEP
49152:2vBt62XlaSFNWPjljiFa2RoUYIlQcMbKLoGdFewTHHB72eh2NT:2vr62XlaSFNWPjljiFXRoUYIlQcM2
Malware Config
Extracted
quasar
1.4.1
watchdog
142.115.43.39:8080
1c1f3ace-a14c-4361-99eb-65aedb6d50fd
-
encryption_key
3FAEE4D5FC9BC245D4CA5F4165EAFD34E8D5FE16
-
install_name
watchdog.exe
-
log_directory
logs
-
reconnect_delay
3000
-
startup_key
watchdog
-
subdirectory
drivers
Targets
-
-
Target
client.exe
-
Size
3.1MB
-
MD5
4dfff8420e0d2f3a0e30a3ae8e005830
-
SHA1
379546834fa347bdcf6a4aa1a9d956b540d33b55
-
SHA256
7869d203ee2ffc4d75d4d542cc2e3a970ca249d675e8bc7bd4f9cc85c80cab69
-
SHA512
6f4de859019a9ed236f6ddcbb03737c9e643368ae74fea3b36f7254a1b691448fb5f5befe4997554ed96f099309908f6b0a42d46161d3727d07620b1ecca94cb
-
SSDEEP
49152:2vBt62XlaSFNWPjljiFa2RoUYIlQcMbKLoGdFewTHHB72eh2NT:2vr62XlaSFNWPjljiFXRoUYIlQcM2
-
Quasar payload
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Drops file in System32 directory
-