General
Target: Hello.zip
Size: 1.2MB
Sample: 240602-3mttnsce25
MD5: 71a5a0777c905188d8d419b0e4914fd5
SHA1: a2f0d35a8a4eedeb574db6dc5bb6cff8d4f0eef9
SHA256: f8b020a7d73dd702f0be5c3b77c4de8ee142bd5a3aac3f4ebc64f16fa9715985
SHA512: 66da0f340079383705c195dee3e23e55fa101287817e0ae06aa6a3187edb4136ce7a357615c026f30c13de899906bf440cf7c4902dfa421b0bcbee2f08ee4698
SSDEEP: 24576:8puqb2UP1BfGLkWW1BpE82gk2T5qYc5ey3J8kerpMDvCx9e:3UP1BfGQWCBeAT5qYue0JYpMDvCx9e
Behavioral task
behavioral1
Sample: Client-built.exe
Resource: win7-20240221-en
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.1.1:4782
88.98.207.207:4782
192.168.1.211:4782
6d19d2f9-1235-4b10-a1dd-486dc3edd052
encryption_key: 12AE26995FE0F312DC3ADA3C8CD142053AD088CA
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: Client-built.exe
Size: 3.1MB
MD5: 87c807da5b4a2a646390105dac94bc61
SHA1: 597d80ed4349e431c5c059ee655c93a0c68e6528
SHA256: 459c4c1fbef1557b5f4ead03465530713785c9cb48e2b365f5affe8e93dbec5f
SHA512: 825df40a735987d48d328193260f885294c683c12cbb18ae5d07b889c3b7482a90cd02f05aac2d3c362fa817b6502cbec2ae6f0a6378477a9663ef477408ee9f
SSDEEP: 49152:uvtG42pda6D+/PjlLOlg6yQipVAQRJ6abR3LoGdfTHHB72eh2NT:uvE42pda6D+/PjlLOlZyQipVAQRJ60
Quasar payload
Executes dropped EXE