General
Target: Client-built.exe
Size: 3.1MB
Sample: 240727-svbmyswamq
MD5: b104969ee4b9c9d8b9169b8b0f49d83b
SHA1: 10920cfda95473fe5367931a383c4569ea66f73f
SHA256: 971985906bface7df4e3ad4bf9a7ac225c1757333e934dedf59215c8c2da6c3b
SHA512: 3d4ca916cc53e5657e9704759e75d828e7c39e10d6e715e3f38abe516a926c4af049517a68deb535891aafce06fe332f5d6bf671881748d1d647ad11ab51200f
SSDEEP: 49152:3viI22SsaNYfdPBldt698dBcjHtCm8mzQkoGdIARTHHB72eh2NT:3vv22SsaNYfdPBldt6+dBcjHtCmtt
Malware Config
Extracted
Family: quasar
Version: 1.4.1
Botnet (Quasar tag): Office04
C2: 7.tcp.eu.ngrok.io:19112
Mutex: ccf129b8-2f60-427c-ab73-260d95879b88
Attributes:
encryption_key: 86C78DCE94D487549C8B075D40032E329CEC8F3A
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000 (milliseconds between reconnect attempts to the C2)
startup_key: Quasar Client Startup (value name written under the Run key for persistence)
subdirectory: SubDir (the client is dropped as <install directory>\SubDir\Client.exe; the base install directory is not among the extracted fields)
Targets
Target: Client-built.exe (same file as under General: size 3.1MB, SHA256 971985906bface7df4e3ad4bf9a7ac225c1757333e934dedf59215c8c2da6c3b)
Signatures:
Quasar payload
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, a web browser credential store.
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
The C2 address 7.tcp.eu.ngrok.io:19112 is an ngrok TCP tunnel: the operator's real host sits behind ngrok's infrastructure, and a tunnel endpoint can be replaced by simply restarting it, so detection should cover the ngrok tunnel domain and the host-based artefacts above (Run value name, install path, mutex) rather than only this one hostname and port.
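The following is an added example, not part of the sandbox report or of Quasar itself. It turns the indicators extracted above (C2 endpoint, mutex, Run value name, install path, SHA256) into detection rules and runs them over a few constructed, Sysmon-like telemetry events; the field names of those events and the ngrok hostname pattern (assumed form `<n>.tcp[.<region>].ngrok.io`, so that a rotated tunnel still matches) are assumptions for illustration.

```python
import re

# Indicators copied from the extracted config and hashes on this page.
C2_HOST = "7.tcp.eu.ngrok.io"
C2_PORT = 19112
MUTEX = "ccf129b8-2f60-427c-ab73-260d95879b88"
STARTUP_KEY = "Quasar Client Startup"
INSTALL_NAME = "Client.exe"
SUBDIRECTORY = "SubDir"
SHA256 = "971985906bface7df4e3ad4bf9a7ac225c1757333e934dedf59215c8c2da6c3b"

# Assumption (not from the page): ngrok TCP tunnels resolve under
# <n>.tcp[.<region>].ngrok.io, so a rotated tunnel still matches this pattern.
NGROK_TCP = re.compile(r"^\d+\.tcp(?:\.[a-z0-9-]+)?\.ngrok\.io$", re.IGNORECASE)
INSTALL_PATH_SUFFIX = (SUBDIRECTORY + "\\" + INSTALL_NAME).lower()

# Constructed sample telemetry (Sysmon-like field names; not real logs).
SAMPLE_EVENTS = [
    {"type": "file_create", "path": r"C:\Users\alice\AppData\Roaming\SubDir\Client.exe", "sha256": SHA256},
    {"type": "registry_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value_name": "Quasar Client Startup"},
    {"type": "network", "dst_host": "7.tcp.eu.ngrok.io", "dst_port": 19112},
    {"type": "network", "dst_host": "3.tcp.ngrok.io", "dst_port": 22845},
    {"type": "network", "dst_host": "update.example.com", "dst_port": 443},
    {"type": "registry_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value_name": "OneDrive"},
    {"type": "mutex", "name": "ccf129b8-2f60-427c-ab73-260d95879b88"},
]


def classify(event):
    """Return a list of (severity, rule) hits for one event; empty if nothing matched."""
    hits = []
    t = event.get("type")
    if t == "network":
        host = event.get("dst_host", "").lower()
        if host == C2_HOST and event.get("dst_port") == C2_PORT:
            hits.append(("high", "known Quasar C2 endpoint"))
        elif NGROK_TCP.match(host):
            # Same provider, different tunnel: worth a look, not a certain hit.
            hits.append(("medium", "ngrok TCP tunnel endpoint"))
    elif t == "registry_set":
        key = event.get("key", "").lower()
        if key.endswith("\\currentversion\\run") and event.get("value_name") == STARTUP_KEY:
            hits.append(("high", "Quasar startup Run value"))
    elif t in ("file_create", "process_create"):
        if event.get("sha256", "").lower() == SHA256:
            hits.append(("high", "known sample SHA256"))
        if event.get("path", "").lower().endswith("\\" + INSTALL_PATH_SUFFIX):
            hits.append(("medium", "Quasar install path SubDir\\Client.exe"))
    elif t == "mutex":
        if event.get("name", "").lower() == MUTEX:
            hits.append(("high", "Quasar mutex"))
    return hits


def scan(events):
    """Run classify() over a sequence of events; return [(index, severity, rule), ...]."""
    findings = []
    for i, ev in enumerate(events):
        for sev, rule in classify(ev):
            findings.append((i, sev, rule))
    return findings


if __name__ == "__main__":
    for i, sev, rule in scan(SAMPLE_EVENTS):
        print(f"event {i}: [{sev}] {rule}")
```

On the constructed events the scan flags the dropped file twice (hash and install path), the Run value, the exact C2 endpoint, a second ngrok tunnel at lower severity, and the mutex, while the update.example.com connection and the OneDrive Run value pass untouched. The two-tier treatment of ngrok is the point: the exact host and port are disposable, the provider domain and the host-based artefacts are what the operator would have to change.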