General
Target: imageloggerV2.exe
Size: 3.1MB
Sample: 240722-zfv7daxepq
MD5: a203e9c646b83a427599b8f7e2bc50ef
SHA1: 011010162a342d270ae62ebe6490dd94a671d6a7
SHA256: 2baf75826c08cf4cd5c35a52681c6543d726e6f6fb1650205a018684746552a1
SHA512: e046bd124f712f355383a87cd494b11a92255137c02ba604493a0bee82f113d018678a966ab3c3e0aa4be5869f880f4cc9811ebbdfea11f680a97569aa885fe7
SSDEEP: 49152:CvqI22SsaNYfdPBldt698dBcjHSOy3ECsAk/GfSoGdcJ1ATHHB72eh2NT:CvH22SsaNYfdPBldt6+dBcjHSOyda
Behavioral task
behavioral1
Sample: imageloggerV2.exe
Resource: win7-20240708-en
Malware Config
Extracted
quasar
1.4.1
Office04
romein-26037.portmap.host:26037
25405edf-120b-4b35-acc0-ab3f70b59bf8
encryption_key: 4D9E51CB5BF81499F369788BAA57C68300233F9D
install_name: imagelogger.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: java updater
subdirectory: SubDir
Targets
Target: imageloggerV2.exe
Quasar payload
Executes dropped EXE
Drops file in System32 directory