General
-
Target
Test.exe
-
Size
12.3MB
-
Sample
240722-w35sjs1bme
-
MD5
e1d7bec28c7f54f0ff98ced99f505da1
-
SHA1
0de847dd7e30eeedb1392fa4890b604b2911c8a9
-
SHA256
102347f70b3a45e3d41030860c207e41421337f0e66bd709ecd5ff4d45f8412a
-
SHA512
5e7571f43da8c880cd6d641f67c6f8eec526cef2871b06432f92d71c63eb8ca6d646c78deaa29ddad89a348b0dcf435183e4aceb369806d73762be4c96067971
-
SSDEEP
393216:OcGqEA3g931+TtIiFv0VQvgbKLZIw09sCZ:gqEAM1QtIVI/0
Behavioral task
behavioral1
Sample
Test.exe
Resource
win7-20240708-en
Malware Config
Extracted
quasar
1.4.1
Office04
memo2023.publicvm.com:4782
dd517aa1-9103-4e21-9570-9ff2818203b0
-
encryption_key
4231AAAA578EE0C216DA911F7E4C5AFB83292A51
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
Test.exe
-
Quasar payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-