General
-
Target
Client-built.exe
-
Size
3.1MB
-
Sample
240731-3h9z4ayhkr
-
MD5
2c2744769214c1fb7dbfaab0899faa2e
-
SHA1
891b19df40e3bd50ced307779f2770c7b82125b1
-
SHA256
c8ebab297901040ef62bb8b91d6596bdbf59c22f9f6218a542c7c81857d0e90b
-
SHA512
62a4baf36859aba9396f3f223f387ef7d98511dd6833cdc61bc93db68f1fe6984d2c66ad5d764bd220ef6dea36ad14763b721425ee6560bdfdcfaadc672bfcd5
-
SSDEEP
49152:avKI22SsaNYfdPBldt698dBcjHDlT/qBxdroGdhTHHB72eh2NT:avn22SsaNYfdPBldt6+dBcjH1/w
Malware Config
Extracted
quasar
1.4.1
Office04
10.2.0.2:4782
192.168.1.32:4782
cc6f57e2-b224-4b7b-bfae-0b1e6f95f22f
-
encryption_key
48E15FD52A3A24CE1F767DA2AD76CB0B862CC879
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Solara
-
subdirectory
SubDir
Targets
-
-
Target
Client-built.exe
-
Size
3.1MB
-
MD5
2c2744769214c1fb7dbfaab0899faa2e
-
SHA1
891b19df40e3bd50ced307779f2770c7b82125b1
-
SHA256
c8ebab297901040ef62bb8b91d6596bdbf59c22f9f6218a542c7c81857d0e90b
-
SHA512
62a4baf36859aba9396f3f223f387ef7d98511dd6833cdc61bc93db68f1fe6984d2c66ad5d764bd220ef6dea36ad14763b721425ee6560bdfdcfaadc672bfcd5
-
SSDEEP
49152:avKI22SsaNYfdPBldt698dBcjHDlT/qBxdroGdhTHHB72eh2NT:avn22SsaNYfdPBldt6+dBcjH1/w
-
Quasar payload
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-