General
-
Target
Loli.exe
-
Size
5.4MB
-
Sample
240607-25vy1sdh3v
-
MD5
d65286844163ff91b3cc8dd54c92b729
-
SHA1
85e5f37f0d092252b2c44225da2e6d888d4fde0a
-
SHA256
6af13fedc6065c776cd888e5bdb32c2bb31a423af7621b387676b45f014e3a90
-
SHA512
7d096028a596a04acb2ae8b837fc81197841af33fe547039978f99809dbb854fdd9f83c0c7bde2a60f3044127871ab9dcd0f621ba3c0d87f44662bbcd5d96793
-
SSDEEP
49152:zE/yEPsBimcZhhbGKnIXDpZEV/+hH45ZRPJgBB6aCHHB72eh2Nw+N7:zELEBimcn2X9uV2iZV
Malware Config
Extracted
quasar
-
encryption_key
E2FB9900B23756E2DDF30B24E44B0961BA7B0F9C
-
reconnect_delay
3000
Targets
-
-
Target
Loli.exe
-
Quasar payload
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-