General
-
Target
SolaraBootstrapper.exe
-
Size
3.1MB
-
Sample
240722-jcxm2awdpm
-
MD5
1188979dd3fb9b1d433da026f9489ba4
-
SHA1
4da27aa94c329e3e3075a832013a191b3dc341c5
-
SHA256
f622e2e5574ecd4c9fc9e518a59c445e3f163a1b752e00b6a2ca02ce9108586d
-
SHA512
28b82b3a48d3b49b92582e47af374f87c4f4c2bf32851cf2e3922f7573f6ff399a4421cf8e6d512e0f863cf39d0572f88e6473ea7e640cc70ecd8eee2dc44618
-
SSDEEP
49152:bvyI22SsaNYfdPBldt698dBcjHcP9wHMfdOoGdvZTHHB72eh2NT:bvf22SsaNYfdPBldt6+dBcjHcP9wJ/
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.254.166:4782
d6b04272-e4a0-454d-92f8-0e055434ec16
-
encryption_key
C28613BFC53E0A950FB6D47EA69A78BFBB7B9B56
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
SolaraBootstrapper.exe
-
Size
3.1MB
-
MD5
1188979dd3fb9b1d433da026f9489ba4
-
SHA1
4da27aa94c329e3e3075a832013a191b3dc341c5
-
SHA256
f622e2e5574ecd4c9fc9e518a59c445e3f163a1b752e00b6a2ca02ce9108586d
-
SHA512
28b82b3a48d3b49b92582e47af374f87c4f4c2bf32851cf2e3922f7573f6ff399a4421cf8e6d512e0f863cf39d0572f88e6473ea7e640cc70ecd8eee2dc44618
-
SSDEEP
49152:bvyI22SsaNYfdPBldt698dBcjHcP9wHMfdOoGdvZTHHB72eh2NT:bvf22SsaNYfdPBldt6+dBcjHcP9wJ/
-
Quasar payload
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-