General
Target: Poopy.bat
Size: 409KB
Sample: 240627-1bty7asamc
MD5: ef652484dc356b0bc87741f24f2ade24
SHA1: f988ef8700c1ed15fa42f9a5756471d6bc18c9c8
SHA256: e5e973ff9fe9b009638fc6f8e3b10ca9acad76d2c6cf887f82b018e5a39aa225
SHA512: fae5a830fc64a0599686368ca0d3826e4ada1ec383f6faae19054d61bee285442b7471c8f18faf4d378ea025128cab974c50a0cd8f8daf892c6107d812662fec
SSDEEP: 12288:2piREGJq1rKb/ZeCByGDYaQnsjYQNYNc:SwpJt4CVMs8+
Malware Config
Extracted
quasar
3.1.5
SeroXen
147.185.221.20:47638
$Sxr-GV6wZsGZZMeZ3qfenc
encryption_key: pCYwpdVg3UP8ZY0FIEl9
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Windows Defender Anti-Malware Disable Startup
subdirectory: SubDir
Targets
Target: Poopy.bat
Size: 409KB
Quasar payload