General
-
Target
solar.exe
-
Size
3.1MB
-
Sample
240525-nfwblaee6z
-
MD5
ca558fea52e3ca7a1b61e0f69ac268b2
-
SHA1
2445d78506e19c17c99eca0744719c409c1e2c04
-
SHA256
a3773025a4ff7ba7e2ea475c8e5b2c74bd60f963ad9e27ae7ca0123fbb235976
-
SHA512
7d3e5cab72a6e7da4d2cc7fca940d58d0c0c82e1a3ee5dfce38317eb6eb6446bac82ed66bfc96c84e1c7917f1a00c1635640daa42ce09fa3ab27c5f213d73396
-
SSDEEP
49152:DvrI22SsaNYfdPBldt698dBcjHDsqxbR4LoGdYWTHHB72eh2NT:DvU22SsaNYfdPBldt6+dBcjHDsqe
Malware Config
Extracted
quasar
1.4.1
quasar
cr7stakewin-27924.portmap.host:27924
b16a5a4a-0575-4e0e-8ddd-77ced9920af6
-
encryption_key
72EAB2364235F953EB6EBC4967F5FAA96FD1EEE1
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar
-
subdirectory
SubDir
Targets
-
-
Target
solar.exe
-
Size
3.1MB
-
MD5
ca558fea52e3ca7a1b61e0f69ac268b2
-
SHA1
2445d78506e19c17c99eca0744719c409c1e2c04
-
SHA256
a3773025a4ff7ba7e2ea475c8e5b2c74bd60f963ad9e27ae7ca0123fbb235976
-
SHA512
7d3e5cab72a6e7da4d2cc7fca940d58d0c0c82e1a3ee5dfce38317eb6eb6446bac82ed66bfc96c84e1c7917f1a00c1635640daa42ce09fa3ab27c5f213d73396
-
SSDEEP
49152:DvrI22SsaNYfdPBldt698dBcjHDsqxbR4LoGdYWTHHB72eh2NT:DvU22SsaNYfdPBldt6+dBcjHDsqe
-
Quasar payload
-
Executes dropped EXE
-