General
-
Target
test - Copie.exe
-
Size
3.1MB
-
Sample
240629-rhadpaygmh
-
MD5
1910d58cf65bec326f23a30563ab24c9
-
SHA1
1f97e5ddc0634a911aa95684086b000ab86727dc
-
SHA256
06cd6bdc86d2c7c4e3f4368d5f98a3f46236f19e76c0aaf9b26f8b868133a7fd
-
SHA512
c2e901122968c0b9267adb7863ab600e6837557f3132e8dab049de2d037b0246e1fd1809151338eccab4de9c7b370f3f30a7744b38ac8668c283a306638d0024
-
SSDEEP
49152:KvnI22SsaNYfdPBldt698dBcjHBCj1JDLoGdXTHHB72eh2NT:KvI22SsaNYfdPBldt6+dBcjHBCb
Malware Config
Extracted
quasar
1.4.1
TESTIP
0.tcp.ngrok.io:14534
88de9d82-6909-427b-8a11-f28cf4280285
-
encryption_key
562515CBE0241F4FD48C91375ED3063F997D8AEE
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
test - Copie.exe
-
Size
3.1MB
-
MD5
1910d58cf65bec326f23a30563ab24c9
-
SHA1
1f97e5ddc0634a911aa95684086b000ab86727dc
-
SHA256
06cd6bdc86d2c7c4e3f4368d5f98a3f46236f19e76c0aaf9b26f8b868133a7fd
-
SHA512
c2e901122968c0b9267adb7863ab600e6837557f3132e8dab049de2d037b0246e1fd1809151338eccab4de9c7b370f3f30a7744b38ac8668c283a306638d0024
-
SSDEEP
49152:KvnI22SsaNYfdPBldt698dBcjHBCj1JDLoGdXTHHB72eh2NT:KvI22SsaNYfdPBldt6+dBcjHBCb
-
Quasar payload
-
Legitimate hosting services abused for malware hosting/C2
-