General
-
Target
tmpnmsymvtn
-
Size
3.2MB
-
Sample
240626-j6edjsvcpa
-
MD5
91303874b8a51ac4da1d9da6ebb3d0ef
-
SHA1
f41ed21d3a37069355b5c84222bea6f6b68d64bf
-
SHA256
653798b0c7226a4189bded9afaae0f0c540216c2acda512c809a61008e4ae169
-
SHA512
acad1d59abd248c12ee918496d9a40c16a040c765d42d074c9ed0b055e97bddc6563ead28666122c30d8a887ff87ba190c4ad33478ed8f0e26e3c8d50e9e42aa
-
SSDEEP
49152:gvEuf2NUaNmwzPWlvdaKM7ZxTwqnxNESEdk/iqLoGdQTHHB72eh2NTDyfo:gvzf2NUaNmwzPWlvdaB7ZxTwSx8URK
Behavioral task
behavioral1
Sample
tmpnmsymvtn.exe
Resource
win7-20231129-en
Malware Config
Extracted
quasar
1.4.1
hi
care-somewhere.gl.at.ply.gg:38177
127.0.0.1:38177
09a22f35-6eea-40d3-8df0-f44e1f092037
-
encryption_key
D9185A099F336661ED8D6035D739C63B5B34E3D8
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Update
-
subdirectory
SubDir
Targets
-
-
Target
tmpnmsymvtn
-
Size
3.2MB
-
MD5
91303874b8a51ac4da1d9da6ebb3d0ef
-
SHA1
f41ed21d3a37069355b5c84222bea6f6b68d64bf
-
SHA256
653798b0c7226a4189bded9afaae0f0c540216c2acda512c809a61008e4ae169
-
SHA512
acad1d59abd248c12ee918496d9a40c16a040c765d42d074c9ed0b055e97bddc6563ead28666122c30d8a887ff87ba190c4ad33478ed8f0e26e3c8d50e9e42aa
-
SSDEEP
49152:gvEuf2NUaNmwzPWlvdaKM7ZxTwqnxNESEdk/iqLoGdQTHHB72eh2NTDyfo:gvzf2NUaNmwzPWlvdaB7ZxTwSx8URK
-
Quasar payload
-
Executes dropped EXE
-