General
Target: Dishkum Tena.rar
Size: 1.0MB
Sample: 240603-jhlgyshe52
MD5: f2715fdbcd028afa00787a02ce3f9e6d
SHA1: 61080026cbc016e6248f7ef2dc135c21eb4c93de
SHA256: b20abd5beb95d17b9c77dc4fa06c98af37b62489e9cf5da8e4e12b19ed93cf6f
SHA512: aa898f2567db93d2097d02540238ea4d83cc094b5ec07d1b548b846c575e1d2d67a2be3ab8b48d3ee6a1e19102e2231bbb0db98ab275757949fc791040d31bb0
SSDEEP: 24576:BN0XV+4jqWA7ltRseYUmNT2NknUaxJeh1flSCewl8ul:BqVMWA7lcexmNT2unhxJerfsCN8ul
Malware Config
Extracted
quasar
1.4.1
Dani69
192.168.1.2:4782
9f26ad88-50ee-4f62-81ff-c770a798a67c
encryption_key: 81B07382BFEB227CBA1AE8701042E7A26708E9ED
install_name: Dani69.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Dani69
subdirectory: SubDir
Targets
Target: Dishkum Tena.exe
Size: 3.1MB
MD5: 36970784c3736c71546d73e0773ee956
SHA1: 2d09c257a3e09b079d23520400953bafc495e06e
SHA256: 55d9f08bfa42b14a3bbb968df3b645e18ea4c311656c272c1b9522aa648f955d
SHA512: 6f0fd26eb7f2b64c875f7021f82ddf8240beaba804a6649404ac8e33115d1372dc53cae94e242b1a77a4bf86f4836bc072b9e64563204b591d03357d3c82be2c
SSDEEP: 49152:Gvht62XlaSFNWPjljiFa2RoUYI1C91JgLoGd9hTHHB72eh2NT:GvL62XlaSFNWPjljiFXRoUYI1CE
Quasar payload
Executes dropped EXE